Razorcms
CVE-2012-5918
MEDIUM
Severity by source
AV:N/AC:L/Au:S/C:N/I:P/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:S/C:N/I:P/A:N
Lifecycle Timeline
1DescriptionCVE.org
razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory.
AnalysisAI
razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-264. razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory. Affected products include: Razorcms.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user. Rated high severity (CVSS 8.8),
admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directorie
Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers
Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter. Rated medium severity (CVSS 5.4), this vulner
HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter. Rated medium severity (CVSS 5.4), this vulne
razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component. Rated medium severity (
razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component. Rated medium sev
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today