CVE-2012-1416

Name of the Vulnerable Software and Affected Versions SocialCMS version 1.0.2

Description The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow remote attackers to hijack the authentication of administrators for specific requests. The requests in question are those that add administrator accounts via a "member new" action to "my admin/admin1 members.php" or modify the default site title via a "save" action to "my admin/admin1 configuration.php".

Recommendations For SocialCMS version 1.0.2, as a temporary workaround, consider restricting access to the "my admin/admin1 members.php" and "my admin/admin1 configuration.php" files to minimize the risk of exploitation. Avoid using the "member new" and "save" actions in these files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.