Cross-Site Request Forgery Vulnerabilities in SocialEngine Plugins
CVE-2012-6721

6.3MEDIUM

Key Information:

Vendor: Socialengine
Status: Socialengine
Vendor: CVE Published:; 11 February 2020

🔔 Create Socialengine Vulnerability Alert

What is CVE-2012-6721?

Multiple cross-site request forgery (CSRF) vulnerabilities exist in the SocialEngine platform, specifically affecting the Forum, Event, and Classifieds plugins prior to version 4.2.4. These vulnerabilities could allow an attacker to execute unauthorized actions on behalf of a user without their consent, possibly leading to data leakage or user account compromise.

References

https://seclists.org/oss-sec/2012/q2/396

x_refsource_MISC

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2020
Vulnerability Reserved
Feb 11, 2020

CVE-2012-6721 Data

JSON