CyberSec.Space Logo
CVEブラウザに戻る

CVE-2012-4877

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.1520%
EPSS Percentile42.01th
Published2012年9月6日
Last Modified2026年4月29日

Vulnerability Description

Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts.

Affected Platforms (CPE)

📦
Flatnux

Flatnux

<= 2011-08-09-2
📦
Flatnux

Flatnux

= 2008-12-11
📦
Flatnux

Flatnux

= 2009-01-27
📦
Flatnux

Flatnux

= 2009-02-04

References & Advisories

🔗 http://osvdb.org/80878
🔗 http://packetstormsecurity.org/files/111473/Flatnux-CMS-2011-08.09.2-CSRF-XSS-Directory-Traversal.html
🔗 http://secunia.com/advisories/48656
🔗 http://www.securityfocus.com/bid/52846
🔗 http://www.vulnerability-lab.com/get_content.php?id=487
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/74567
🔗 http://osvdb.org/80878
🔗 http://packetstormsecurity.org/files/111473/Flatnux-CMS-2011-08.09.2-CSRF-XSS-Directory-Traversal.html

関連する脆弱性情報

CVE-2007-57717.5

Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie.

CVE-2009-05725.1

PHP remote file inclusion vulnerability in include/flatnux.php in FlatnuX CMS (aka Flatnuke3) 2009-01-27 and 2009-02-04, when regi...

CVE-2012-48785.0

Absolute path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitr...

CVE-2008-57614.3

Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arb...