Unrated severityNVD Advisory· Published Oct 7, 2012· Updated Apr 29, 2026
CVE-2012-1414
CVE-2012-1414
Description
Cross-site request forgery (CSRF) vulnerability in manager/news.php in Plume CMS 1.2.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that create News pages via a publish action.
Affected products
11cpe:2.3:a:plume-cms:plume_cms:*:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:plume-cms:plume_cms:*:*:*:*:*:*:*:*range: <=1.2.4
- cpe:2.3:a:plume-cms:plume_cms:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:plume-cms:plume_cms:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:plume-cms:plume_cms:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:plume-cms:plume_cms:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:plume-cms:plume_cms:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:plume-cms:plume_cms:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:plume-cms:plume_cms:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:plume-cms:plume_cms:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:plume-cms:plume_cms:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:plume-cms:plume_cms:1.2.3:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.