CVE-2012-4773

Subrion CMS <2.2.3 - CSRF

Title source: llm

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/.

Exploits (2)

exploitdb WORKING POC
by LiquidWorm · text · webapps · php
https://www.exploit-db.com/exploits/21267

exploitdb WORKING POC
webapps · php
https://www.exploit-db.com/exploits/22159

Scores

EPSS 0.0445
EPSS Percentile 89.1%

Details

CWE CWE-352
Status published
Products (4)
intelliants/subrion_cms 2.0.4
intelliants/subrion_cms 2.2.0
intelliants/subrion_cms 2.2.1
intelliants/subrion_cms < 2.2.2
Published Oct 22, 2012
Tracked Since Feb 18, 2026