Unrated severityNVD Advisory· Published May 20, 2015· Updated May 6, 2026

CVE-2012-6691

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) status parameter to admin/stats_monthly_sales.php or (2) country parameter in a process action to admin/create_account_process.php.

Affected products

Oscmax/Oscmax
cpe:2.3:a:oscmax:oscmax:*:*:*:*:*:*:*:*
Range: <=2.5.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.htbridge.com/advisory/HTB23081nvdExploit
www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_updatenvdVendor Advisory
archives.neohapsis.com/archives/bugtraq/2012-04/0021.htmlnvd
www.securityfocus.com/bid/74753nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000