Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2012-5450
Last Modified: 04 Dec 2012 10:58:24
Published: 03 Dec 2012 04:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-5450

Summary

Cross-site request forgery (CSRF) vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) 1.11.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deld parameter.

Vulnerable Systems

Application

  • Cmsmadesimple Cms Made Simple 0.1

  • Cmsmadesimple Cms Made Simple 0.10

  • Cmsmadesimple Cms Made Simple 0.10.1

  • Cmsmadesimple Cms Made Simple 0.10.2

  • Cmsmadesimple Cms Made Simple 0.10.3

  • Cmsmadesimple Cms Made Simple 0.10.4

  • Cmsmadesimple Cms Made Simple 0.11

  • Cmsmadesimple Cms Made Simple 0.11.1

  • Cmsmadesimple Cms Made Simple 0.11.2

  • Cmsmadesimple Cms Made Simple 0.12

  • Cmsmadesimple Cms Made Simple 0.12.1

  • Cmsmadesimple Cms Made Simple 0.12.2

  • Cmsmadesimple Cms Made Simple 0.13

  • Cmsmadesimple Cms Made Simple 0.2

  • Cmsmadesimple Cms Made Simple 0.2.1

  • Cmsmadesimple Cms Made Simple 0.3

  • Cmsmadesimple Cms Made Simple 0.3.1

  • Cmsmadesimple Cms Made Simple 0.3.2

  • Cmsmadesimple Cms Made Simple 0.4

  • Cmsmadesimple Cms Made Simple 0.4.1

  • Cmsmadesimple Cms Made Simple 0.5

  • Cmsmadesimple Cms Made Simple 0.5.1

  • Cmsmadesimple Cms Made Simple 0.6

  • Cmsmadesimple Cms Made Simple 0.6.1

  • Cmsmadesimple Cms Made Simple 0.6.2

  • Cmsmadesimple Cms Made Simple 0.6.3

  • Cmsmadesimple Cms Made Simple 0.7

  • Cmsmadesimple Cms Made Simple 0.7.1

  • Cmsmadesimple Cms Made Simple 0.7.2

  • Cmsmadesimple Cms Made Simple 0.7.3

  • Cmsmadesimple Cms Made Simple 0.8

  • Cmsmadesimple Cms Made Simple 0.8.1

  • Cmsmadesimple Cms Made Simple 0.8.2

  • Cmsmadesimple Cms Made Simple 0.9

  • Cmsmadesimple Cms Made Simple 0.9.1

  • Cmsmadesimple Cms Made Simple 0.9.2

  • Cmsmadesimple Cms Made Simple 1.0

  • Cmsmadesimple Cms Made Simple 1.0.1

  • Cmsmadesimple Cms Made Simple 1.0.2

  • Cmsmadesimple Cms Made Simple 1.0.3

  • Cmsmadesimple Cms Made Simple 1.0.4

  • Cmsmadesimple Cms Made Simple 1.0.5

  • Cmsmadesimple Cms Made Simple 1.0.6

  • Cmsmadesimple Cms Made Simple 1.1

  • Cmsmadesimple Cms Made Simple 1.1.1

  • Cmsmadesimple Cms Made Simple 1.1.2

  • Cmsmadesimple Cms Made Simple 1.1.3

  • Cmsmadesimple Cms Made Simple 1.1.3.1

  • Cmsmadesimple Cms Made Simple 1.1.4

  • Cmsmadesimple Cms Made Simple 1.11.2

  • Cmsmadesimple Cms Made Simple 1.2

  • Cmsmadesimple Cms Made Simple 1.2.1

  • Cmsmadesimple Cms Made Simple 1.2.2

  • Cmsmadesimple Cms Made Simple 1.2.3

  • Cmsmadesimple Cms Made Simple 1.2.4

  • Cmsmadesimple Cms Made Simple 1.2.5

  • Cmsmadesimple Cms Made Simple 1.3

  • Cmsmadesimple Cms Made Simple 1.4

  • Cmsmadesimple Cms Made Simple 1.4.1

  • Cmsmadesimple Cms Made Simple 1.5

  • Cmsmadesimple Cms Made Simple 1.5.1

  • Cmsmadesimple Cms Made Simple 1.5.2

  • Cmsmadesimple Cms Made Simple 1.5.3

  • Cmsmadesimple Cms Made Simple 1.5.4

  • Cmsmadesimple Cms Made Simple 1.6

  • Cmsmadesimple Cms Made Simple 1.6.1

  • Cmsmadesimple Cms Made Simple 1.6.2

  • Cmsmadesimple Cms Made Simple 1.6.3

  • Cmsmadesimple Cms Made Simple 1.6.4

  • Cmsmadesimple Cms Made Simple 1.6.5

  • Cmsmadesimple Cms Made Simple 1.6.6

  • Cmsmadesimple Cms Made Simple 1.6.7

  • Cmsmadesimple Cms Made Simple 1.7

  • Cmsmadesimple Cms Made Simple 1.7.1

  • Cmsmadesimple Cms Made Simple 1.8

  • Cmsmadesimple Cms Made Simple 1.8.1

  • Cmsmadesimple Cms Made Simple 1.8.2

  • Cmsmadesimple Cms Made Simple 1.9

  • Cmsmadesimple Cms Made Simple 1.9.1

  • Cmsmadesimple Cms Made Simple 1.9.2

  • Cmsmadesimple Cms Made Simple 1.9.3

  • Cmsmadesimple Cms Made Simple 1.9.4

  • Cmsmadesimple Cms Made Simple 1.9.4.1

  • Cmsmadesimple Cms Made Simple 1.9.4.2


References

MISC - https://www.htbridge.com/advisory/HTB23121

XF - cmsmadesimple-images-csrf(79881)

CONFIRM - http://viewsvn.cmsmadesimple.org/diff.php?repname=cmsmadesimple&path=%2Ftrunk%2Flib%2Ffilemanager%2FImageManager%2FClasses%2FImageManager.php&rev=8400&peg=8498

SECUNIA - 51185

MISC - http://packetstormsecurity.org/files/117951/CMS-Made-Simple-1.11.2-Cross-Site-Request-Forgery.html

CONFIRM - http://forum.cmsmadesimple.org/viewtopic.php?f=1&t=63545

BUGTRAQ - 20121107 Cross-Site Request Forgery (CSRF) in CMS Made Simple


Last Updated: 27 May 2016 11:01:26