CVE-2012-4325
Utopia News Pro < 1.4.0 - Cross-Site Request Forgery via upload/users.php
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-4325. PoCs published by Dr.NaNo.
AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in Utopia News Pro 1.4.0, allowing an attacker to add an admin user by tricking an authenticated user into submitting a malicious form.
Description
Cross-site request forgery (CSRF) vulnerability in upload/users.php in Utopia News Pro (UNP) 1.4.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Dr.NaNo · textwebappsphp
https://www.exploit-db.com/exploits/18720
This exploit demonstrates a CSRF vulnerability in Utopia News Pro 1.4.0, allowing an attacker to add an admin user by tricking an authenticated user into submitting a malicious form.
Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target:
Utopia News Pro 1.4.0
Auth required
Prerequisites:
Victim must be authenticated and tricked into submitting the form
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026
Full analysis →
References (3)
Core 3
Core References
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/18720
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/80986
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/74760
Scores
EPSS
0.0107
EPSS Percentile
61.0%
Details
CWE
CWE-352
Status
published
Products (1)
utopiasoftware/news_pro
< 1.4.0
Published
Aug 14, 2012
Tracked Since
Feb 18, 2026