CVE-2012-6493

Rapid7 Nexpose < 5.5.4 - Cross-Site Request Forgery via Site Deletion Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-6493. PoCs published by Robert Gilbert.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in Rapid7 Nexpose Security Console versions below 5.5.3, allowing an attacker to delete scan data and sites by tricking an authenticated user into submitting a malicious form.

Description

Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Robert Gilbert · textwebappsmultiple
https://www.exploit-db.com/exploits/23924

This exploit demonstrates a CSRF vulnerability in Rapid7 Nexpose Security Console versions below 5.5.3, allowing an attacker to delete scan data and sites by tricking an authenticated user into submitting a malicious form.

Classification
Working Poc 100%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Rapid7 Nexpose Security Console < 5.5.3
No auth needed
Prerequisites: Authenticated user session in Nexpose Security Console · Victim must visit attacker-controlled page
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/23924
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/88923
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-01/0014.html
Patch, Vendor Advisory x_refsource_confirm
https://community.rapid7.com/docs/DOC-2155#release1

Scores

EPSS 0.0231
EPSS Percentile 81.3%

Details

CWE
CWE-352
Status published
Products (15)
rapid7/nexpose 5.4
rapid7/nexpose 5.4.1
rapid7/nexpose 5.4.2
rapid7/nexpose 5.4.3
rapid7/nexpose 5.4.4
rapid7/nexpose 5.4.5
rapid7/nexpose 5.4.6
rapid7/nexpose 5.4.7
rapid7/nexpose 5.4.8
rapid7/nexpose 5.4.9
... and 5 more
Published Feb 04, 2014
Tracked Since Feb 18, 2026