CVE-2012-1498

Nikola Posa Webfoliocms 1.0.2 - CSRF


Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio CMS 1.1.4 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via an add action to admin/users/add or (2) modify a web page via a save action to admin/pages/edit/web_page_name.

Exploits (1)

exploitdb WORKING POC
by Ivano Binetti · text · webapps · php
https://www.exploit-db.com/exploits/18536

References (7)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/79658
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18536
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/52218
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48190
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/73575

Scores

EPSS 0.0294
EPSS Percentile 86.5%

Details

CWE
CWE-352
Status published
Products (13)
nikola_posa/webfoliocms 1.0.2
nikola_posa/webfoliocms 1.0.3
nikola_posa/webfoliocms 1.0.4
nikola_posa/webfoliocms 1.0.5
nikola_posa/webfoliocms 1.0.6
nikola_posa/webfoliocms 1.0.7
nikola_posa/webfoliocms 1.0.8
nikola_posa/webfoliocms 1.0.9
nikola_posa/webfoliocms 1.1.0
nikola_posa/webfoliocms 1.1.1
... and 3 more
Published Mar 19, 2012
Tracked Since Feb 18, 2026