CVE-2012-5450

Cross-site request forgery (CSRF) vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) 1.11.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deld parameter.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
cmsmadesimplecms_made_simple
𝑥
≤ 1.11.2
cmsmadesimplecms_made_simple
0.1
cmsmadesimplecms_made_simple
0.2
cmsmadesimplecms_made_simple
0.2.1
cmsmadesimplecms_made_simple
0.3
cmsmadesimplecms_made_simple
0.3.1
cmsmadesimplecms_made_simple
0.3.2
cmsmadesimplecms_made_simple
0.4
cmsmadesimplecms_made_simple
0.4.1
cmsmadesimplecms_made_simple
0.5
cmsmadesimplecms_made_simple
0.5.1
cmsmadesimplecms_made_simple
0.6
cmsmadesimplecms_made_simple
0.6.1
cmsmadesimplecms_made_simple
0.6.2
cmsmadesimplecms_made_simple
0.6.3
cmsmadesimplecms_made_simple
0.7
cmsmadesimplecms_made_simple
0.7.1
cmsmadesimplecms_made_simple
0.7.2
cmsmadesimplecms_made_simple
0.7.3
cmsmadesimplecms_made_simple
0.8
cmsmadesimplecms_made_simple
0.8.1
cmsmadesimplecms_made_simple
0.8.2
cmsmadesimplecms_made_simple
0.9
cmsmadesimplecms_made_simple
0.9.1
cmsmadesimplecms_made_simple
0.9.2
cmsmadesimplecms_made_simple
0.10
cmsmadesimplecms_made_simple
0.10.1
cmsmadesimplecms_made_simple
0.10.2
cmsmadesimplecms_made_simple
0.10.3
cmsmadesimplecms_made_simple
0.10.4
cmsmadesimplecms_made_simple
0.11
cmsmadesimplecms_made_simple
0.11.1
cmsmadesimplecms_made_simple
0.11.2
cmsmadesimplecms_made_simple
0.12
cmsmadesimplecms_made_simple
0.12.1
cmsmadesimplecms_made_simple
0.12.2
cmsmadesimplecms_made_simple
0.13
cmsmadesimplecms_made_simple
1.0
cmsmadesimplecms_made_simple
1.0.1
cmsmadesimplecms_made_simple
1.0.2
cmsmadesimplecms_made_simple
1.0.3
cmsmadesimplecms_made_simple
1.0.4
cmsmadesimplecms_made_simple
1.0.5
cmsmadesimplecms_made_simple
1.0.6
cmsmadesimplecms_made_simple
1.1
cmsmadesimplecms_made_simple
1.1.1
cmsmadesimplecms_made_simple
1.1.2
cmsmadesimplecms_made_simple
1.1.3
cmsmadesimplecms_made_simple
1.1.3.1
cmsmadesimplecms_made_simple
1.1.4
cmsmadesimplecms_made_simple
1.2
cmsmadesimplecms_made_simple
1.2.1
cmsmadesimplecms_made_simple
1.2.2
cmsmadesimplecms_made_simple
1.2.3
cmsmadesimplecms_made_simple
1.2.4
cmsmadesimplecms_made_simple
1.2.5
cmsmadesimplecms_made_simple
1.3
cmsmadesimplecms_made_simple
1.3:beta1
cmsmadesimplecms_made_simple
1.3:beta2
cmsmadesimplecms_made_simple
1.4
cmsmadesimplecms_made_simple
1.4.1
cmsmadesimplecms_made_simple
1.5
cmsmadesimplecms_made_simple
1.5.1
cmsmadesimplecms_made_simple
1.5.2
cmsmadesimplecms_made_simple
1.5.3
cmsmadesimplecms_made_simple
1.5.4
cmsmadesimplecms_made_simple
1.6
cmsmadesimplecms_made_simple
1.6.1
cmsmadesimplecms_made_simple
1.6.2
cmsmadesimplecms_made_simple
1.6.3
cmsmadesimplecms_made_simple
1.6.4
cmsmadesimplecms_made_simple
1.6.5
cmsmadesimplecms_made_simple
1.6.6
cmsmadesimplecms_made_simple
1.6.7
cmsmadesimplecms_made_simple
1.7
cmsmadesimplecms_made_simple
1.7.1
cmsmadesimplecms_made_simple
1.8
cmsmadesimplecms_made_simple
1.8.1
cmsmadesimplecms_made_simple
1.8.2
cmsmadesimplecms_made_simple
1.9
cmsmadesimplecms_made_simple
1.9.1
cmsmadesimplecms_made_simple
1.9.2
cmsmadesimplecms_made_simple
1.9.3
cmsmadesimplecms_made_simple
1.9.4
cmsmadesimplecms_made_simple
1.9.4.1
cmsmadesimplecms_made_simple
1.9.4.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2012-11/0035.html
http://forum.cmsmadesimple.org/viewtopic.php?f=1&t=63545
http://packetstormsecurity.org/files/117951/CMS-Made-Simple-1.11.2-Cross-Site-Request-Forgery.html
http://secunia.com/advisories/51185
http://viewsvn.cmsmadesimple.org/diff.php?repname=cmsmadesimple&path=%2Ftrunk%2Flib%2Ffilemanager%2FImageManager%2FClasses%2FImageManager.php&rev=8400&peg=8498
https://exchange.xforce.ibmcloud.com/vulnerabilities/79881
https://www.htbridge.com/advisory/HTB23121
http://archives.neohapsis.com/archives/bugtraq/2012-11/0035.html
http://forum.cmsmadesimple.org/viewtopic.php?f=1&t=63545
http://packetstormsecurity.org/files/117951/CMS-Made-Simple-1.11.2-Cross-Site-Request-Forgery.html
http://secunia.com/advisories/51185
http://viewsvn.cmsmadesimple.org/diff.php?repname=cmsmadesimple&path=%2Ftrunk%2Flib%2Ffilemanager%2FImageManager%2FClasses%2FImageManager.php&rev=8400&peg=8498
https://exchange.xforce.ibmcloud.com/vulnerabilities/79881
https://www.htbridge.com/advisory/HTB23121