Published: 20/05/2015 Updated: 05/10/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via the themes_editor parameter in an edit_template action to admin/index.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
template cms project template cms

Advisory ID: HTB23115 Product: Template CMS Vendor: template-cmsru Vulnerable Version(s): 211 and probably prior Tested Version: 211 Vendor Notification: September 12, 2012 Public Disclosure: October 3, 2012 Vulnerability Type: Cross-Site Scripting [CWE-79], Cross-Site Request Forgery [CWE-352] CVE References: CVE-2012-4901, CVE-2012-4902 CV ...

Template CMS version 211 suffers from cross site request forgery and cross site scripting vulnerabilities ...

CWE-352 https://www.htbridge.com/advisory/HTB23115 http://www.securityfocus.com/bid/55766 http://osvdb.org/85896 https://www.exploit-db.com/exploits/21742/https://nvd.nist.gov https://www.exploit-db.com/exploits/21742/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-4902

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect