CVE-2012-1416

SocialCMS - CSRF

Title source: rule

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in SocialCMS 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrator accounts via a member_new action to my_admin/admin1_members.php or (2) modify the default site title via a save action to my_admin/admin1_configuration.php.

Exploits (2)

exploitdb · WORKING POC
by Ivano Binetti · html · webapps · php
https://www.exploit-db.com/exploits/18487

exploitdb · WORKING POC
by vir0e5 · html · webapps · php
https://www.exploit-db.com/exploits/17193

Scores

EPSS: 0.0043
EPSS Percentile: 63.0%

Details

CWE: CWE-352
Status: published
Products (1): socialcms/socialcms 1.0.2
Published: Oct 08, 2012
Tracked Since: Feb 18, 2026