CVE-2012-4773
Published 2012-10-22
Priority: P4 · 33 · medium · 6.8 · CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.49% (87.7th percentile)
Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intelliants | subrion_cms | <= 2.2.2 | — |
| intelliants | subrion_cms | — | — |
| intelliants | subrion_cms | — | — |
| intelliants | subrion_cms | — | — |
No detection rules found.
Exploit-DB
subrion CMS 2.2.1 - Multiple Vulnerabilities
exploitdb·2012-10-22·CVSS 4.3
CVE-2012-5452 [MEDIUM] subrion CMS 2.2.1 - Multiple Vulnerabilities
---
Advisory ID: HTB23113
Product: Subrion CMS
Vendor: The Subrion development team
Vulnerable Version(s): 2.2.1 and probably prior
Tested Version: 2.2.1
Vendor Notification: September 5, 2012
Public Disclosure: October 17, 2012
Vulnerability Type: SQL Injection [CWE-89], Cross-Site Scripting [CWE-79], Cross-Site Request Forgery [CWE-352]
CVE References: CVE-2012-4771, CVE-2012-4772, CVE-2012-4773
CVSSv2 Base Scores: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P), 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N), 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Solution Status: Fixed by Vendor
Risk Level: High
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
Advisory Details:
High-Tech Bridge Security Research Lab discovered multipl
Exploit-DB
Subrion CMS 2.2.1 - Cross-Site Request Forgery (Add Admin)
exploitdb·2012-09-12
CVE-2012-4773 Subrion CMS 2.2.1 - Cross-Site Request Forgery (Add Admin)
---
Subrion CMS 2.2.1 CSRF Add Admin Exploit
function forge(){document.getElementById("exploit").click();}
No writeups or analysis indexed.
References
http://archives.neohapsis.com/archives/bugtraq/2012-10/0096.html
http://packetstormsecurity.org/files/116433
http://packetstormsecurity.org/files/117460/Subrion-CMS-2.2.1-XSS-CSRF-SQL-Injection.html
http://secunia.com/advisories/51013
http://www.osvdb.org/85999
http://www.subrion.com/forums/announcements/934-subrion-2-2-3-open-source-cms-core-available.html
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5106.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/78469
https://exchange.xforce.ibmcloud.com/vulnerabilities/79469
https://www.htbridge.com/advisory/HTB23113