CyberSec.Space Logo
Back to CVE Browser

CVE-2012-4877

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.1520%
EPSS Percentile42.01th
PublishedSep 6, 2012
Last ModifiedApr 29, 2026

Vulnerability Description

Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts.

Affected Platforms (CPE)

πŸ“¦
Flatnux

Flatnux

<= 2011-08-09-2
πŸ“¦
Flatnux

Flatnux

= 2008-12-11
πŸ“¦
Flatnux

Flatnux

= 2009-01-27
πŸ“¦
Flatnux

Flatnux

= 2009-02-04

References & Advisories

πŸ”— http://osvdb.org/80878
πŸ”— http://packetstormsecurity.org/files/111473/Flatnux-CMS-2011-08.09.2-CSRF-XSS-Directory-Traversal.html
πŸ”— http://secunia.com/advisories/48656
πŸ”— http://www.securityfocus.com/bid/52846
πŸ”— http://www.vulnerability-lab.com/get_content.php?id=487
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/74567
πŸ”— http://osvdb.org/80878
πŸ”— http://packetstormsecurity.org/files/111473/Flatnux-CMS-2011-08.09.2-CSRF-XSS-Directory-Traversal.html

Related Vulnerabilities

CVE-2007-57717.5

Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie.

CVE-2009-05725.1

PHP remote file inclusion vulnerability in include/flatnux.php in FlatnuX CMS (aka Flatnuke3) 2009-01-27 and 2009-02-04, when regi...

CVE-2012-48785.0

Absolute path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitr...

CVE-2008-57614.3

Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arb...