CSRF in Cerberusftp Ftp_server

CVE-2012-2999

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user account or (2) rec…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.001 (23.9th percentile) — read the EPSS interpretation.

Affected products

Cerberusftp Ftp_server — versions 1.0, 1.01, 1.1
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

VU#989684 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)
cret@cert.org (x_refsource_CONFIRM)
55788 (vdb-entry, x_refsource_BID)