Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2012-5387
Last Modified 19 Aug 2013 11:18:18
Published 24 Oct 2012 01:55:02
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-5387

Summary

Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences.

Vulnerable Systems

Application

  • Videousermanuals White-label-cms 1.0.2

  • Videousermanuals White-label-cms 1.0.3

  • Videousermanuals White-label-cms 1.0.4

  • Videousermanuals White-label-cms 1.0.5

  • Videousermanuals White-label-cms 1.1

  • Videousermanuals White-label-cms 1.2

  • Videousermanuals White-label-cms 1.3

  • Videousermanuals White-label-cms 1.4

  • Videousermanuals White-label-cms 1.4.1

  • Videousermanuals White-label-cms 1.4.2

  • Videousermanuals White-label-cms 1.4.3

  • Videousermanuals White-label-cms 1.4.4

  • Videousermanuals White-label-cms 1.4.5

  • Videousermanuals White-label-cms 1.4.6

  • Videousermanuals White-label-cms 1.4.7

  • Videousermanuals White-label-cms 1.5


References

CONFIRM - http://wordpress.org/extend/plugins/white-label-cms/changelog/

EXPLOIT-DB - 22156

OSVDB - 86568

BID - 56166

XF - wp-whitelabelcms-admin-csrf(79520)

MISC - http://packetstormsecurity.org/files/117590/White-Label-CMS-1.5-Cross-Site-Request-Forgery-Cross-Site-Scripting.html


Last Updated: 27 May 2016 10:49:43