CVE-2012-4568

HIGH

LetoDMS < 3.3.7 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.

References (3)

Core 3
Core References
Mailing List, Third Party Advisory, VDB Entry mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/10/06/1
Mailing List, Third Party Advisory, VDB Entry mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/10/31/7
Release Notes, Third Party Advisory x_refsource_confirm
http://sourceforge.net/p/mydms/code/HEAD/tree/trunk/CHANGELOG

Scores

CVSS v3 8.8
EPSS 0.0100
EPSS Percentile 58.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
letodms_project/letodms < 3.3.7
Published Oct 23, 2017
Tracked Since Feb 18, 2026