CVE-2012-4280

Name of the Vulnerable Software and Affected Versions Free Realty versions 3.1-0.6

Description The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow remote attackers to hijack the authentication of administrators for specific requests, including adding an agent via an addagent action or modifying an agent.

Recommendations For Free Realty versions 3.1-0.6, as a temporary workaround, consider restricting access to the admin/agenteditor.php file until a patch is available. Avoid using the addagent action in the affected API endpoint until the issue is resolved.