CVE-2012-1416
Published 2012-10-08
CVE-2012-1416: Multiple cross-site request forgery (CSRF) vulnerabilities in SocialCMS 1.0.2 allow remote attackers to hijack the authentication of administrators for…
Priority: P4 | 30 | medium | 6.8 | CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.12% (62.1th percentile)
Multiple cross-site request forgery (CSRF) vulnerabilities in SocialCMS 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrator accounts via a member_new action to my_admin/admin1_members.php or (2) modify the default site title via a save action to my_admin/admin1_configuration.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| socialcms | socialcms | — | — |
No detection rules found.
Exploit-DB
SocialCMS 1.0.2 - Cross-Site Request Forgery
exploitdb·2012-02-16
---
+-------------------------------------------------------------------------+
# Exploit Title : Socialcms CSRF Vulnerability
# Date : 16-02-2012
# Author : Ivano Binetti (http://ivanobinetti.com)
# Vendor site : http://socialcms.com
# Software link : http://sourceforge.net/projects/socialcms/files/latest/download
# Version : 1.0.2
# Tested on : Debian Squeeze (6.0)
+-------------------------------------------------------------------------+
+---+[Add Admin Account by Ivano Binetti]---+
I'm adding ADMIN account using CSRF Vulnerability
+----------------+
Exploit-DB
SocialCMS 1.0.2 - Multiple Cross-Site Request Forgery Vulnerabilities
exploitdb·2011-04-20
---
Date: Wed 20 april 2011 11:18:22 AM
Vendor: www.socialcms.com
Download: http://sourceforge.net/projects/socialcms/
No writeups or analysis indexed.
http://secunia.com/advisories/44313
http://www.exploit-db.com/exploits/17193
http://www.exploit-db.com/exploits/18487
http://www.osvdb.org/71930
https://exchange.xforce.ibmcloud.com/vulnerabilities/66985
Published: 2012-10-08