CVE-2012-1498

Name of the Vulnerable Software and Affected Versions Webfolio CMS versions 1.1.4 and earlier

Description The issue allows remote attackers to hijack the authentication of administrators for requests. This can be done through "admin/users/add" or "admin/pages/edit/web page name" API endpoints. Specifically, the attack can add an administrator via an add action or modify a web page via a save action.

Recommendations For Webfolio CMS versions 1.1.4 and earlier, update to a version later than 1.1.4 to resolve the issue. As a temporary workaround, consider restricting access to the "admin/users/add" and "admin/pages/edit/web page name" API endpoints to minimize the risk of exploitation.