CVE-2012-3231

web@all 2.0 - Cross-Site Request Forgery via do_addfile Action

Title source: llm
STIX 2.1

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding a file to execute arbitrary code via a do_addfile action to inc/browser/action.php.

References (2)

Core 2
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/54109

Scores

EPSS 0.0153
EPSS Percentile 71.8%

Details

CWE
CWE-352
Status published
Products (1)
webatall/web\@all 2.0
Published Jun 27, 2012
Tracked Since Feb 18, 2026