CVE-2012-5450

EUVD-2012-5369
Cross-site request forgery (CSRF) vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) 1.11.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deld parameter.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Affected Products (NVD)
VendorProductVersion
cmsmadesimplecms_made_simple
𝑥
≤ 1.11.2
cmsmadesimplecms_made_simple
0.1
cmsmadesimplecms_made_simple
0.2
cmsmadesimplecms_made_simple
0.2.1
cmsmadesimplecms_made_simple
0.3
cmsmadesimplecms_made_simple
0.3.1
cmsmadesimplecms_made_simple
0.3.2
cmsmadesimplecms_made_simple
0.4
cmsmadesimplecms_made_simple
0.4.1
cmsmadesimplecms_made_simple
0.5
cmsmadesimplecms_made_simple
0.5.1
cmsmadesimplecms_made_simple
0.6
cmsmadesimplecms_made_simple
0.6.1
cmsmadesimplecms_made_simple
0.6.2
cmsmadesimplecms_made_simple
0.6.3
cmsmadesimplecms_made_simple
0.7
cmsmadesimplecms_made_simple
0.7.1
cmsmadesimplecms_made_simple
0.7.2
cmsmadesimplecms_made_simple
0.7.3
cmsmadesimplecms_made_simple
0.8
cmsmadesimplecms_made_simple
0.8.1
cmsmadesimplecms_made_simple
0.8.2
cmsmadesimplecms_made_simple
0.9
cmsmadesimplecms_made_simple
0.9.1
cmsmadesimplecms_made_simple
0.9.2
cmsmadesimplecms_made_simple
0.10
cmsmadesimplecms_made_simple
0.10.1
cmsmadesimplecms_made_simple
0.10.2
cmsmadesimplecms_made_simple
0.10.3
cmsmadesimplecms_made_simple
0.10.4
cmsmadesimplecms_made_simple
0.11
cmsmadesimplecms_made_simple
0.11.1
cmsmadesimplecms_made_simple
0.11.2
cmsmadesimplecms_made_simple
0.12
cmsmadesimplecms_made_simple
0.12.1
cmsmadesimplecms_made_simple
0.12.2
cmsmadesimplecms_made_simple
0.13
cmsmadesimplecms_made_simple
1.0
cmsmadesimplecms_made_simple
1.0.1
cmsmadesimplecms_made_simple
1.0.2
cmsmadesimplecms_made_simple
1.0.3
cmsmadesimplecms_made_simple
1.0.4
cmsmadesimplecms_made_simple
1.0.5
cmsmadesimplecms_made_simple
1.0.6
cmsmadesimplecms_made_simple
1.1
cmsmadesimplecms_made_simple
1.1.1
cmsmadesimplecms_made_simple
1.1.2
cmsmadesimplecms_made_simple
1.1.3
cmsmadesimplecms_made_simple
1.1.3.1
cmsmadesimplecms_made_simple
1.1.4
cmsmadesimplecms_made_simple
1.2
cmsmadesimplecms_made_simple
1.2.1
cmsmadesimplecms_made_simple
1.2.2
cmsmadesimplecms_made_simple
1.2.3
cmsmadesimplecms_made_simple
1.2.4
cmsmadesimplecms_made_simple
1.2.5
cmsmadesimplecms_made_simple
1.3
cmsmadesimplecms_made_simple
1.3:beta1
cmsmadesimplecms_made_simple
1.3:beta2
cmsmadesimplecms_made_simple
1.4
cmsmadesimplecms_made_simple
1.4.1
cmsmadesimplecms_made_simple
1.5
cmsmadesimplecms_made_simple
1.5.1
cmsmadesimplecms_made_simple
1.5.2
cmsmadesimplecms_made_simple
1.5.3
cmsmadesimplecms_made_simple
1.5.4
cmsmadesimplecms_made_simple
1.6
cmsmadesimplecms_made_simple
1.6.1
cmsmadesimplecms_made_simple
1.6.2
cmsmadesimplecms_made_simple
1.6.3
cmsmadesimplecms_made_simple
1.6.4
cmsmadesimplecms_made_simple
1.6.5
cmsmadesimplecms_made_simple
1.6.6
cmsmadesimplecms_made_simple
1.6.7
cmsmadesimplecms_made_simple
1.7
cmsmadesimplecms_made_simple
1.7.1
cmsmadesimplecms_made_simple
1.8
cmsmadesimplecms_made_simple
1.8.1
cmsmadesimplecms_made_simple
1.8.2
cmsmadesimplecms_made_simple
1.9
cmsmadesimplecms_made_simple
1.9.1
cmsmadesimplecms_made_simple
1.9.2
cmsmadesimplecms_made_simple
1.9.3
cmsmadesimplecms_made_simple
1.9.4
cmsmadesimplecms_made_simple
1.9.4.1
cmsmadesimplecms_made_simple
1.9.4.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2012-11/0035.html
http://forum.cmsmadesimple.org/viewtopic.php?f=1&t=63545
http://packetstormsecurity.org/files/117951/CMS-Made-Simple-1.11.2-Cross-Site-Request-Forgery.html
http://secunia.com/advisories/51185
http://viewsvn.cmsmadesimple.org/diff.php?repname=cmsmadesimple&path=%2Ftrunk%2Flib%2Ffilemanager%2FImageManager%2FClasses%2FImageManager.php&rev=8400&peg=8498
https://exchange.xforce.ibmcloud.com/vulnerabilities/79881
https://www.htbridge.com/advisory/HTB23121
http://archives.neohapsis.com/archives/bugtraq/2012-11/0035.html
http://forum.cmsmadesimple.org/viewtopic.php?f=1&t=63545
http://packetstormsecurity.org/files/117951/CMS-Made-Simple-1.11.2-Cross-Site-Request-Forgery.html
http://secunia.com/advisories/51185
http://viewsvn.cmsmadesimple.org/diff.php?repname=cmsmadesimple&path=%2Ftrunk%2Flib%2Ffilemanager%2FImageManager%2FClasses%2FImageManager.php&rev=8400&peg=8498
https://exchange.xforce.ibmcloud.com/vulnerabilities/79881
https://www.htbridge.com/advisory/HTB23121