CVE-2012-3362
extplorer < 2.1.0 - Cross-Site Request Forgery via Add User Admin Action
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in eXtplorer 2.1 RC3 and earlier allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an adduser admin action.
References (6)
Core 6
Core References
Exploit x_refsource_misc
http://www.autosectools.com/Advisories/eXtplorer.2.1.RC3_Cross-site.Request.Forgery_174.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2012/dsa-2510
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/06/25/1
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/06/24/1
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/06/26/1
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/06/27/1
Scores
EPSS
0.0089
EPSS Percentile
55.0%
Details
CWE
CWE-352
Status
published
Products (1)
extplorer/extplorer
< 2.1.0
Published
Jul 12, 2012
Tracked Since
Feb 18, 2026