CVE-2012-6691

Published: May 20, 2015Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) status parameter to admin/stats_monthly_sales.php or (2) country parameter in a process action to admin/create_account_process.php.

Affected (1)

Products: Oscmax: Oscmax

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Oscmax Oscmax	Up to 2.5.0

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (8)

http://archives.neohapsis.com/archives/bugtraq/2012-04/0021.html

Source: cve@mitre.org

http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/74753

Source: cve@mitre.org

https://www.htbridge.com/advisory/HTB23081

Source: cve@mitre.org

Exploit

http://archives.neohapsis.com/archives/bugtraq/2012-04/0021.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/74753

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.htbridge.com/advisory/HTB23081

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.