Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2012-4448
Last Modified 01 Oct 2012 12:00:00
Published 28 Sep 2012 05:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4448

Summary

Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboard_incoming_links edit action.

Vulnerable Systems

Application

  • WordPress 3.4.2


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=860261

CONFIRM - https://bugs.gentoo.org/show_bug.cgi?id=436198

SECUNIA - 50715

MISC - http://packetstormsecurity.org/files/116785/WordPress-3.4.2-Cross-Site-Request-Forgery.html

MLIST - [oss-security] 20120925 Re: CVE Request -- WordPress (3,4.2): CSRF in the incoming links section of the dashboard


Last Updated: 27 May 2016 11:00:50