Cross-Site Request Forgery Vulnerability in Parallels H-Sphere by Parallels
CVE-2012-5004
Currently unrated
What is CVE-2012-5004?
Parallels H-Sphere 3.3 Patch 1 is susceptible to multiple cross-site request forgery (CSRF) vulnerabilities that let remote attackers act through an administrator's authenticated session. With crafted requests, an attacker can trigger admin actions, such as adding group plans or extra packages, without the administrator's consent. The issue shows the risk of relying on session state alone and the need for robust CSRF defenses on sensitive administrative operations.