CVE-2012-1414

Name of the Vulnerable Software and Affected Versions Plume CMS versions 1.2.4 and earlier

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that create News pages via a publish action.

Recommendations For Plume CMS versions 1.2.4 and earlier, as a temporary workaround, consider restricting access to the manager/news.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.