Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2012-1227
Last Modified 24 Feb 2012 12:00:00
Published 21 Feb 2012 08:31:47
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-1227

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action; (3) add a page via an editpage action; or (4) add a category via the blog module.

Vulnerable Systems

Application

  • Pluck-cms Pluck 4.7


References

EXPLOIT-DB - 18474

SECUNIA - 47934

OSVDB - 79005


Last Updated: 27 May 2016 10:58:18