Published: 20/05/2015 Updated: 05/10/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via the themes_editor parameter in an edit_template action to admin/index.php.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

template cms project template cms


Advisory ID: HTB23115 Product: Template CMS Vendor: template-cmsru Vulnerable Version(s): 211 and probably prior Tested Version: 211 Vendor Notification: September 12, 2012 Public Disclosure: October 3, 2012 Vulnerability Type: Cross-Site Scripting [CWE-79], Cross-Site Request Forgery [CWE-352] CVE References: CVE-2012-4901, CVE-2012-4902 CV ...

Mailing Lists

Template CMS version 211 suffers from cross site request forgery and cross site scripting vulnerabilities ...