CVE-2012-6508

Netartmedia Car Portal - CSRF

Title source: rule

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change arbitrary user passwords via a nouveau action in the security module to cars/ADMIN/index.php; (2) create a user or (3) create a sub user via a sub_accounts action in the home module to USERS/index.php; or (4) change profile information via an edit action in the profile module to USERS/index.php.

Exploits (1)

exploitdb WRITEUP
webappsphp
https://www.exploit-db.com/exploits/18801

References (3)

Scores

EPSS 0.0041
EPSS Percentile 61.6%

Details

CWE
CWE-352
Status published
Products (1)
netartmedia/car_portal 3.0
Published Jan 24, 2013
Tracked Since Feb 18, 2026