Description
Multiple cross-site request forgery (CSRF) vulnerabilities in FlexCMS 3.2.1 and earlier allow remote attackers to (1) hijack the authentication of users for requests that change account settings via a request to index.php/profile-edit-save or (2) hijack the authentication of administrators for requests that add a new page via a request to admin/pages-new-save.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Ivano Binetti · text · webapps · php
https://www.exploit-db.com/exploits/18609
References (3)
Core References
Various Sources x_refsource_misc
http://ivanobinetti.blogspot.com/2012/03/flexcms-multiple-csrf-vulnerabilities.html
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/18609
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48451
Scores
EPSS: 0.0031
EPSS Percentile: 54.3%
Details
CWE: CWE-352
Status: published
Products (3)
flexcms/flexcms 2.0
flexcms/flexcms 2.5
flexcms/flexcms < 3.2.1
Published: Sep 18, 2012
Tracked Since: Feb 18, 2026