Exploitation Summary
EIP tracks 1 public exploit for CVE-2012-1498. PoCs published by Ivano Binetti.
AI-analyzed exploit summary: This exploit demonstrates CSRF vulnerabilities in Webfolio CMS <= 1.1.4, allowing an attacker to add an administrator account or modify web pages via crafted HTML forms. The PoC includes two separate forms for adding an admin and modifying a page, both auto-submitted via JavaScript.
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio CMS 1.1.4 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via an add action to admin/users/add or (2) modify a web page via a save action to admin/pages/edit/web_page_name.