CVE-2012-6508

NetArt Media Car Portal 3.0 - Cross-Site Request Forgery in Admin Security Module

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-6508.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in Car Portal CMS v3.0, including persistent XSS, CSRF, and arbitrary file upload flaws. It provides technical descriptions, vulnerable modules, and proof-of-concept examples for each issue.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change arbitrary user passwords via a nouveau action in the security module to cars/ADMIN/index.php; (2) create a user or (3) create a sub user via a sub_accounts action in the home module to USERS/index.php; or (4) change profile information via an edit action in the profile module to USERS/index.php.

Exploits (1)

exploitdb WRITEUP
webappsphp
https://www.exploit-db.com/exploits/18801

This advisory details multiple vulnerabilities in Car Portal CMS v3.0, including persistent XSS, CSRF, and arbitrary file upload flaws. It provides technical descriptions, vulnerable modules, and proof-of-concept examples for each issue.

Classification
Writeup 95%
Attack Type
Xss | Csrf | Other
Complexity
Moderate
Reliability
Reliable
Target: Car Portal CMS v3.0
Auth required
Prerequisites: Access to vulnerable modules · Admin or user credentials for CSRF exploitation
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49010

Scores

EPSS 0.0109
EPSS Percentile 60.9%

Details

CWE
CWE-352
Status published
Products (1)
netartmedia/car_portal 3.0
Published Jan 24, 2013
Tracked Since Feb 18, 2026