Multiple cross-site request forgery (CSRF) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change arbitrary user passwords via a nouveau action in the security module to cars/ADMIN/index.php; (2) create a user or (3) create a sub user via a sub_accounts action in the home module to USERS/index.php; or (4) change profile information via an edit action in the profile module to USERS/index.php.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2013-01-24T01:00:00Z
Updated: 2024-09-16T19:50:56.006Z
Reserved: 2013-01-23T00:00:00Z
Link: CVE-2012-6508
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2013-01-24T01:55:04.677
Modified: 2013-01-29T05:00:00.000
Link: CVE-2012-6508
Redhat
No data.