CVE-2012-3231
web@all 2.0 - Cross-Site Request Forgery via do_addfile Action
Title source: llmDescription
Multiple cross-site request forgery (CSRF) vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding a file to execute arbitrary code via a do_addfile action to inc/browser/action.php.
References (2)
Core 2
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/54109
Exploit x_refsource_misc
https://www.htbridge.com/advisory/HTB23094
Scores
EPSS
0.0153
EPSS Percentile
71.8%
Details
CWE
CWE-352
Status
published
Products (1)
webatall/web\@all
2.0
Published
Jun 27, 2012
Tracked Since
Feb 18, 2026