CVE-2012-4280

Free Realty 3.1-0.6 - Cross-Site Request Forgery in Agent Editor

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-4280. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary This is a detailed vulnerability writeup for CVE-2012-4280, describing multiple web vulnerabilities in Free Reality v3.1-0.6, including SQL injection, persistent XSS, and CSRF. It includes proof-of-concept examples for each vulnerability type.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in admin/agenteditor.php in Free Realty 3.1-0.6 allow remote attackers to hijack the authentication of administrators for requests that (1) add an agent via an addagent action or (2) modify an agent.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Vulnerability-Lab · textwebappsphp
https://www.exploit-db.com/exploits/18874

This is a detailed vulnerability writeup for CVE-2012-4280, describing multiple web vulnerabilities in Free Reality v3.1-0.6, including SQL injection, persistent XSS, and CSRF. It includes proof-of-concept examples for each vulnerability type.

Classification
Writeup 100%
Attack Type
Sqli | Xss | Csrf
Complexity
Trivial
Reliability
Reliable
Target: Free Reality v3.1-0.6
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18874
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/53491
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49132

Scores

EPSS 0.0109
EPSS Percentile 60.9%

Details

CWE
CWE-352
Status published
Products (1)
rwcinc/free_realty 3.1-0.6
Published Aug 13, 2012
Tracked Since Feb 18, 2026