CVE-2012-1498

Published: Mar 19, 2012Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio CMS 1.1.4 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via an add action to admin/users/add or (2) modify a web page via a save action to admin/pages/edit/web_page_name.

Affected (13)

Products: Nikola Posa: Webfoliocms1.0.2, Webfoliocms1.0.3, Webfoliocms1.0.4, Webfoliocms1.0.5, Webfoliocms1.0.6, Webfoliocms1.0.7, Webfoliocms1.0.8, Webfoliocms1.0.9, Webfoliocms1.1.0, Webfoliocms1.1.1, Webfoliocms1.1.2, Webfoliocms1.1.3, Webfoliocms1.1.4

13 products

Webfoliocms1.0.2

Webfoliocms1.0.3

Webfoliocms1.0.4

Webfoliocms1.0.5

Webfoliocms1.0.6

Webfoliocms1.0.7

Webfoliocms1.0.8

Webfoliocms1.0.9

Webfoliocms1.1.0

Webfoliocms1.1.1

Webfoliocms1.1.2

Webfoliocms1.1.3

Webfoliocms1.1.4

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Nikola Posa Webfoliocms1.0.2	All versions
Nikola Posa Webfoliocms1.0.3	All versions
Nikola Posa Webfoliocms1.0.4	All versions
Nikola Posa Webfoliocms1.0.5	All versions
Nikola Posa Webfoliocms1.0.6	All versions
Nikola Posa Webfoliocms1.0.7	All versions
Nikola Posa Webfoliocms1.0.8	All versions
Nikola Posa Webfoliocms1.0.9	All versions
Nikola Posa Webfoliocms1.1.0	All versions
Nikola Posa Webfoliocms1.1.1	All versions
Nikola Posa Webfoliocms1.1.2	All versions
Nikola Posa Webfoliocms1.1.3	All versions
Nikola Posa Webfoliocms1.1.4	All versions

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (14)

http://ivanobinetti.blogspot.com/2012/02/webfoliocms-114-csrf-add-adminmodify.html

Source: cve@mitre.org

http://osvdb.org/79658

Source: cve@mitre.org

http://packetstormsecurity.org/files/110294/WebfolioCMS-1.1.4-Cross-Site-Request-Forgery.html

Source: cve@mitre.org

Exploit

http://secunia.com/advisories/48190

Source: cve@mitre.org

Vendor Advisory

http://www.exploit-db.com/exploits/18536

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/52218

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/73575

Source: cve@mitre.org

http://ivanobinetti.blogspot.com/2012/02/webfoliocms-114-csrf-add-adminmodify.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/79658

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.org/files/110294/WebfolioCMS-1.1.4-Cross-Site-Request-Forgery.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://secunia.com/advisories/48190

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.exploit-db.com/exploits/18536

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/bid/52218

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/73575

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.