CVE-2012-3859

Netsweeper WebAdmin Portal - Impact Unknown

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-3859. PoCs published by Jacob Holcomb.

AI-analyzed exploit summary: This exploit demonstrates CSRF, reflective XSS, and SQL injection vulnerabilities in Netsweeper WebAdmin Portal. The CSRF creates an admin account, the XSS triggers via POST request, and the SQLi occurs in the sortorder and sortitem parameters.

Description

Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447.

Exploits (1)

exploitdb WORKING POC
by Jacob Holcomb · text · webapps · php
https://www.exploit-db.com/exploits/21330

Classification: Working PoC 95%
Attack Type: XSS | SQLi | CSRF
Complexity: Trivial
Reliability: Reliable
Target: Netsweeper Internet Filter WebAdmin Portal
Auth required
Prerequisites: Victim must be logged into the WebAdmin Portal for CSRF · Reflective XSS requires user interaction · SQLi requires access to vulnerable endpoints
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS 0.0292
EPSS Percentile 85.2%

Details

Status published
Products (1)
netsweeper/netsweeper
Published Jul 09, 2012
Tracked Since Feb 18, 2026