CVE-2012-6508

Name of the Vulnerable Software and Affected Versions NetArt Media Car Portal version 3.0

Description The issue allows remote attackers to hijack the authentication of administrators for various requests. This can be achieved through multiple cross-site request forgery (CSRF) vulnerabilities. Specifically, attackers can change arbitrary user passwords via a nouveau action in the security module to "cars/ADMIN/index.php", create a user or create a sub-user via a sub accounts action in the home module to "USERS/index.php", or change profile information via an edit action in the profile module to "USERS/index.php".

Recommendations For NetArt Media Car Portal version 3.0, consider disabling the nouveau action in the security module, the sub accounts action in the home module, and the edit action in the profile module as a temporary workaround until a patch is available. Restrict access to the affected modules to minimize the risk of exploitation. Avoid using the affected actions in the respective modules until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.