CVE-2012-6493
Rapid7 Nexpose < 5.5.4 - Cross-Site Request Forgery via Site Deletion Request
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-6493. PoCs published by Robert Gilbert.
AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in Rapid7 Nexpose Security Console versions below 5.5.3, allowing an attacker to delete scan data and sites by tricking an authenticated user into submitting a malicious form.
Description
Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete.
Exploits (1)
This exploit demonstrates a CSRF vulnerability in Rapid7 Nexpose Security Console versions below 5.5.3, allowing an attacker to delete scan data and sites by tricking an authenticated user into submitting a malicious form.