CVE-2012-4773

Name of the Vulnerable Software and Affected Versions Subrion CMS versions prior to 2.2.3

Description The issue allows remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information. This can be demonstrated by adding an administrator account via an add action to "admin/accounts/add/" API endpoint, exploiting the lack of proper CSRF protection.

Recommendations For versions prior to 2.2.3, update to version 2.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "admin/accounts/add/" API endpoint to minimize the risk of exploitation.