CVE-2012-1897

Wolfcms Wolf Cms < 0.7.5 - CSRF

Title source: rule

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Wolf CMS 0.75 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via the user id number to admin/user/delete; (2) delete pages via the page id number to admin/page/delete; delete the (3) images or (4) themes directory via the directory name to admin/plugin/file_manager/delete, and possibly other directories; or (5) logout the user via a request to admin/login/logout.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/18652

View Code ZIP pw:eip

References (4)

[Exploit] http://packetstormsecurity.org/files/111116/Wolfcms-0.75-Cross-Site-Request-Forgery-Cross-Site-Scripting.html

[Vendor Advisory] http://secunia.com/advisories/48520

[Various Sources] http://www.webapp-security.com/2012/03/wolfcms/

[Exploit] http://www.webapp-security.com/wp-content/uploads/2012/03/Wolfcms-0.75-Multiple-Vulnerabilities-CSRF-XSS.txt

Scores

EPSS 0.0025

EPSS Percentile 48.6%

Details

CWE

CWE-352

Status published

Products (7)

wolfcms/wolf_cms 0.5.0

wolfcms/wolf_cms 0.5.5

wolfcms/wolf_cms 0.6.0

wolfcms/wolf_cms 0.7.0

wolfcms/wolf_cms 0.7.2

wolfcms/wolf_cms 0.7.3

wolfcms/wolf_cms < 0.7.5

Published Oct 01, 2012

Tracked Since Feb 18, 2026