CVE-2015-2912

HIGH

OrientDB Server Community Edition <2.0.15 and 2.1.x <2.1.1 - CSRF

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2015-2912. PoCs published by dawetmaster, andikahilmy.


Description

The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request.

Exploits (2)

nomisec STUB
by dawetmaster · poc
https://github.com/dawetmaster/CVE-2015-2912-orientdb-vulnerable

The repository contains OrientDB source code files but lacks any exploit code or technical analysis related to CVE-2015-2912. It appears to be a partial or mislabeled repository without functional PoC or vulnerability details.

Classification: Stub 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: OrientDB (version unspecified)
No auth needed
Prerequisites: None identified
devstral-2 · analyzed Mar 14, 2026

nomisec STUB
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2015-2912-orientdb-vulnerable

This repository appears to be a fork of the OrientDB project itself rather than an exploit PoC. It contains the full source code of OrientDB but lacks any exploit-specific code or technical analysis related to CVE-2015-2912.

Classification: Stub 90%
Attack Type: Other
Complexity: Complex
Reliability: Theoretical
Target: OrientDB
No auth needed
devstral-2 · analyzed Feb 18, 2026

References (2)

Core References
Third Party Advisory, US Government Resource (third-party-advisory, x_refsource_cert-vn): https://www.kb.cert.org/vuls/id/845332
Vendor Advisory (x_refsource_confirm): https://github.com/orientechnologies/orientdb/issues/4824

Scores

CVSS v3 8.8
EPSS 0.0021
EPSS Percentile 44.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-352
Status: published
Products (3)
com.orientechnologies/orientdb-studio 0 - 2.0.15 (Maven)
orientdb/orientdb 2.1.0
orientdb/orientdb < 2.0.14
Published Dec 31, 2015
Tracked Since Feb 18, 2026