CVE-2012-4877

FlatnuX CMS <2011 08.09.2 - CSRF

Title source: llm

Description

Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Vulnerability Laboratory · htmlwebappsphp

https://www.exploit-db.com/exploits/37035

View Code ZIP pw:eip

References (6)

[Exploit] http://packetstormsecurity.org/files/111473/Flatnux-CMS-2011-08.09.2-CSRF-XSS-Directory-Traversal.html

[Vendor Advisory] http://secunia.com/advisories/48656

[Exploit] http://www.securityfocus.com/bid/52846

[Various Sources] http://www.vulnerability-lab.com/get_content.php?id=487

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/74567

[Third Party Advisory, VDB Entry] http://osvdb.org/80878

Scores

EPSS 0.0375

EPSS Percentile 88.1%

Details

CWE

CWE-352

Status published

Products (4)

flatnux/flatnux 2008-12-11

flatnux/flatnux 2009-01-27

flatnux/flatnux 2009-02-04

flatnux/flatnux < 2011-08-09-2

Published Sep 06, 2012

Tracked Since Feb 18, 2026