CVE-2012-5326

IDevSpot iSupport <1 - CSRF

Title source: llm

Description

Cross-site request forgery (CSRF) vulnerability in admin/function.php in IDevSpot iSupport 1.x allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via an administrators action.

Exploits (1)

exploitdb WORKING POC

by Or4nG.M4N · perlwebappsphp

https://www.exploit-db.com/exploits/18404

View Code ZIP pw:eip

References (2)

[Exploit] http://www.exploit-db.com/exploits/18404

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/72611

Scores

EPSS 0.0031

EPSS Percentile 54.1%

Details

CWE

CWE-352

Status published

Products (4)

idevspot/isupport 1.0

idevspot/isupport 1.02

idevspot/isupport 1.06

idevspot/isupport 1.8

Published Oct 08, 2012

Tracked Since Feb 18, 2026