CVE-2012-4877

Flatnux < 2011-08-09-2 - Cross-Site Request Forgery in controlcenter.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-4877. PoCs published by Vulnerability Laboratory.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in Flatnux, allowing an attacker to create a new user with arbitrary credentials via a crafted HTML form. The PoC submits a form to the target application, bypassing authentication requirements.

Description

Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Vulnerability Laboratory · htmlwebappsphp

https://www.exploit-db.com/exploits/37035

View Code ZIP pw:eip

This exploit demonstrates a CSRF vulnerability in Flatnux, allowing an attacker to create a new user with arbitrary credentials via a crafted HTML form. The PoC submits a form to the target application, bypassing authentication requirements.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Flatnux (versions 2011-08.09.2, 2011-2012-01.03.3, and others)

No auth needed

Prerequisites: Victim must visit a malicious webpage hosting the exploit

MITRE ATT&CK