CSRF in Intelliants Subrion_cms

CVE-2012-4773

Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.044 (89.3th percentile) — read the EPSS interpretation.

Affected products

Intelliants Subrion_cms — versions 2.0.4, 2.2.0, 2.2.1
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

20121017 Multiple vulnerabilities in Subrion CMS (mailing-list, Exploit, x_refsource_BUGTRAQ)
cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (Exploit, x_refsource_MISC)
subrioncms-addadmin-csrf(78469) (vdb-entry, x_refsource_XF)
subrioncms-add-csrf(79469) (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_MISC)
85999 (x_refsource_OSVDB, vdb-entry)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (Exploit, x_refsource_MISC)
51013 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)