VYPR
Unrated severityNVD Advisory· Published Sep 18, 2012· Updated Jun 16, 2026

CVE-2012-1901

CVE-2012-1901

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in FlexCMS 3.2.1 and earlier allow remote attackers to (1) hijack the authentication of users for requests that change account settings via a request to index.php/profile-edit-save or (2) hijack the authentication of administrators for requests that add a new page via a request to admin/pages-new-save.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Flexcms/Flexcms4 versions
    cpe:2.3:a:flexcms:flexcms:*:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:flexcms:flexcms:*:*:*:*:*:*:*:*range: <=3.2.1
    • cpe:2.3:a:flexcms:flexcms:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:flexcms:flexcms:2.5:*:*:*:*:*:*:*
    • (no CPE)range: <=3.2.1

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.