CVE-2012-0699

Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to…

mitre·CWE-352·Published 2018-01-11

CVSS

—

EPSS

0.04

KEV

Exploits

cve.orgen

303 chars

Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php.

NVDen

303 chars

NVDes

378 chars

Múltiples vulnerabilidades de Cross-Site Request Forgery (CSRF) en Family Connections CMS (también conocido como FCMS), en versiones 2.9 y anteriores, permiten que atacantes remotos secuestren la autenticación de usuarios arbitrarios para peticiones que (1) añaden noticias mediante una acción add en familynews.php o (2) añaden un prayer mediante una acción add en prayers.php.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
3.0	Primary	NVD	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H