CVE-2012-4773

Published: 22/10/2012 Updated: 29/08/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 690
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS prior to 2.2.3 allow remote malicious users to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/.

Vulnerable Product

intelliants subrion cms 2.0.4

intelliants subrion cms

intelliants subrion cms 2.2.1

intelliants subrion cms 2.2.0

Exploits

Subrion CMS version 2.2.1 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities ...
<!-- Title: Subrion CMS 2.2.1 CSRF Add Admin Exploit. Vendor: Intelliants LLC. Product web page: www.subrion.com. Affected version: 2.2.1. Summary: Subrion is a free open source content management system. It's written in PHP 5 and utilizes MySQL database. Subrion CMS can be easily integrated into your current website or used as a stand a ...
Advisory ID: HTB23113. Product: Subrion CMS. Vendor: The Subrion development team. Vulnerable Version(s): 2.2.1 and probably prior. Tested Version: 2.2.1. Vendor Notification: September 5, 2012. Public Disclosure: October 17, 2012. Vulnerability Type: SQL Injection [CWE-89], Cross-Site Scripting [CWE-79], Cross-Site Request Forgery [CWE-352]. CVE Referen ...