CVE-2012-2602

SolarWinds Orion NPM <10.3.1 - CSRF

Title source: llm

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to Admin/Accounts/Add/OrionAccount.aspx or (2) modify account privileges via a ynAdminRights action to Admin/Accounts/EditAccount.aspx.

Exploits (1)

exploitdb WORKING POC VERIFIED

by muts · javascriptwebappswindows

https://www.exploit-db.com/exploits/20011

View Code ZIP pw:eip

References (6)

[Vendor Advisory] http://secunia.com/advisories/50004

[Exploit] http://www.exploit-db.com/exploits/20011

[US Government Resource] http://www.kb.cert.org/vuls/id/174119

[Exploit] http://www.securityfocus.com/bid/54624

[Various Sources] http://www.solarwinds.com/documentation/Orion/docs/ReleaseNotes/releaseNotes.htm

[Third Party Advisory, VDB Entry] http://osvdb.org/84116

Scores

EPSS 0.0871

EPSS Percentile 92.5%

Details

CWE

CWE-352

Status published

Products (2)

solarwinds/orion_network_performance_monitor 10.1.13.0

solarwinds/orion_network_performance_monitor < 10.2.2

Published Aug 12, 2012

Tracked Since Feb 18, 2026