CVE-2012-5452

Subrion CMS 2.2.1 - Cross-Site Scripting via Multiple Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5452. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in Subrion CMS 2.2.1, including SQL Injection (CVE-2012-4772), Cross-Site Scripting (CVE-2012-4771), and Cross-Site Request Forgery (CVE-2012-4773). It includes PoC code for each vulnerability, showcasing how arbitrary SQL code can be injected, XSS payloads executed, and CSRF attacks performed to create administrative accounts.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) days, or (4) title[en] parameter to plans/add/; (5) name or (6) title[en] parameter to fields/group/add/ in admin/manage/; or (7) f[accounts][fullname] or (8) f[accounts][username] parameter to advsearch/. NOTE: This might overlap CVE-2011-5211. NOTE: it was later reported that the f[accounts][fullname] and f[accounts][username] vectors might also affect 2.2.2.

Exploits (1)

exploitdb WORKING POC VERIFIED
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/22159

The exploit demonstrates multiple vulnerabilities in Subrion CMS 2.2.1, including SQL Injection (CVE-2012-4772), Cross-Site Scripting (CVE-2012-4771), and Cross-Site Request Forgery (CVE-2012-4773). It includes PoC code for each vulnerability, showcasing how arbitrary SQL code can be injected, XSS payloads executed, and CSRF attacks performed to create administrative accounts.

Classification
Working Poc 100%
Attack Type
Sqli | Xss | Csrf
Complexity
Trivial
Reliability
Reliable
Target: Subrion CMS 2.2.1
No auth needed
Prerequisites: Access to the target Subrion CMS instance · For CSRF, an authenticated administrator session
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/78467
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/55502
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44917
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/78468

Scores

EPSS 0.0508
EPSS Percentile 91.3%

Details

CWE
CWE-79
Status published
Products (1)
intelliants/subrion_cms 2.2.1
Published Oct 22, 2012
Tracked Since Feb 18, 2026