vendor:
by:
Ivano Binetti
N/A
CVSS
N/A
CSRF
CWE
Product Name:
Affected Version From: 1.2.4 (latest) and lower
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Debian Squeeze (6.0)
2012
PlumeCMS <= 1.2.4 CSRF Vulnerability
PlumeCMS is prone to a CSRF Vulnerability which allows an attacker to insert and publish "News" (as PlumeCMS names his articles) when an authenticated admin browses a web page containing the provided HTML/Javascript code.
Mitigation:
Unknown