製品・ソフトウェアに関する情報

JVN脆弱性詳細

CMS Made Simple におけるクロスサイトリクエストフォージェリ脆弱性

Title	CMS Made Simple におけるクロスサイトリクエストフォージェリ脆弱性
Summary	CMS Made Simple (CMSMS) の lib/filemanager/imagemanager/images.php には、クロスサイトリクエストフォージェリ脆弱性が存在します。
Possible impacts	第三者により、deld パラメータを介して、任意のファイルを削除するリクエストに対する管理者認証をハイジャックされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Oct. 17, 2012, midnight
Registration Date	Dec. 5, 2012, 2:30 p.m.
Last Update	Dec. 5, 2012, 2:30 p.m.

CVSS2.0 : 警告
Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected System

CMS Made Simple

CMS Made Simple 1.11.2 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-5450	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5450
National Vulnerability Database (NVD)
2	CVE-2012-5450	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5450

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-352	https://jvndb.jvn.jp/ja/cwe/CWE-352.html

ベンダー情報

No	Name	URL
CMS Made Simple
1	/trunk/lib/filemanager/ImageManager/Classes/ImageManager.php リビジョン 7476 と 8400	http://viewsvn.cmsmadesimple.org/diff.php?repname=cmsmadesimple&path=%2Ftrunk%2Flib%2Ffilemanager%2FImageManager%2FClasses%2FImageManager.php&rev=8400&peg=8498
2	Announcing CMSMS 1.11.2.1	http://forum.cmsmadesimple.org/viewtopic.php?f=1&t=63545

Change Log

No	Changed Details	Date of change
0	[2012年12月05日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2012-5450

Summary	Cross-site request forgery (CSRF) vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) 1.11.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deld parameter.
Publication Date	Dec. 4, 2012, 6:55 a.m.
Registration Date	Jan. 28, 2021, 3:05 p.m.
Last Update	Nov. 21, 2024, 10:44 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.4.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5.3:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.8.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.4:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.6:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.7.3:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.3:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.3.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.3.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.5:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.12.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.7:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple::::::::		1.11.2
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.5:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.6.3:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9.4.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.6.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.8.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.6:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9.4.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.6.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.9:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.3:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.4:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.4:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.5.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.13:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.7:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.11.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.8.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.8:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.12:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.4:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.9.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.9.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10.4:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.4:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.11.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.8:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.7.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.4:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.11:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.3:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.12.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.7.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.7:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.3.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.7.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.3:beta1::::::
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.6:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9.3:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.3:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9.4:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.3:beta2::::::
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.2.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.4.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.8.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10.3:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.3:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5.4:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.5:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.5:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.3:::::::*

Related information, measures and tools

No	URL	タグ
1	http://archives.neohapsis.com/archives/bugtraq/2012-11/0035.html	Exploit
2	http://archives.neohapsis.com/archives/bugtraq/2012-11/0035.html	Exploit
3	http://forum.cmsmadesimple.org/viewtopic.php?f=1&t=63545
4	http://forum.cmsmadesimple.org/viewtopic.php?f=1&t=63545
5	http://packetstormsecurity.org/files/117951/CMS-Made-Simple-1.11.2-Cross-Site-Request-Forgery.html	Exploit
6	http://packetstormsecurity.org/files/117951/CMS-Made-Simple-1.11.2-Cross-Site-Request-Forgery.html	Exploit
7	http://secunia.com/advisories/51185	Vendor Advisory
8	http://secunia.com/advisories/51185	Vendor Advisory
9	http://viewsvn.cmsmadesimple.org/diff.php?repname=cmsmadesimple&path=%2Ftrunk%2Flib%2Ffilemanager%2FImageManager%2FClasses%2FImageManager.php&rev=8400&peg=8498
10	http://viewsvn.cmsmadesimple.org/diff.php?repname=cmsmadesimple&path=%2Ftrunk%2Flib%2Ffilemanager%2FImageManager%2FClasses%2FImageManager.php&rev=8400&peg=8498
11	https://exchange.xforce.ibmcloud.com/vulnerabilities/79881
12	https://exchange.xforce.ibmcloud.com/vulnerabilities/79881
13	https://www.htbridge.com/advisory/HTB23121	Exploit
14	https://www.htbridge.com/advisory/HTB23121	Exploit

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-352	クロスサイト・リクエスト・フォージェリ（CSRF）	https://cwe.mitre.org/data/definitions/352.html
2	CWE-352	同一生成元ポリシー違反	https://cwe.mitre.org/data/definitions/346.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.4.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5.3:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.8.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.4:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.6:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.7.3:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.3:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.3.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.3.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.5:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.12.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.7:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple::::::::		1.11.2
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.5:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.6.3:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9.4.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.6.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.8.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.6:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9.4.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.6.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.9:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.3:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.4:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.4:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.5.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.13:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.7:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.11.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.8.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.8:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.12:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.4:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.9.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.9.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10.4:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.4:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.11.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.8:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.7.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.4:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.11:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.3:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.12.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.7.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.7:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.3.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.7.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.3:beta1::::::
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.6:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9.3:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.3:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9.4:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.3:beta2::::::
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.2.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.4.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.8.1:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10.3:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.2:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.3:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5.4:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.5:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.5:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5:::::::*
cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.3:::::::*