CVE-2012-4325

Utopia News Pro < 1.4.0 - Cross-Site Request Forgery via upload/users.php

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-4325. PoCs published by Dr.NaNo.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in Utopia News Pro 1.4.0, allowing an attacker to add an admin user by tricking an authenticated user into submitting a malicious form.

Description

Cross-site request forgery (CSRF) vulnerability in upload/users.php in Utopia News Pro (UNP) 1.4.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Dr.NaNo · textwebappsphp
https://www.exploit-db.com/exploits/18720

This exploit demonstrates a CSRF vulnerability in Utopia News Pro 1.4.0, allowing an attacker to add an admin user by tricking an authenticated user into submitting a malicious form.

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Utopia News Pro 1.4.0
Auth required
Prerequisites: Victim must be authenticated and tricked into submitting the form
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18720
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/80986
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/74760

Scores

EPSS 0.0107
EPSS Percentile 61.0%

Details

CWE
CWE-352
Status published
Products (1)
utopiasoftware/news_pro < 1.4.0
Published Aug 14, 2012
Tracked Since Feb 18, 2026