CVE-2012-1901

Name: CVE-2012-1901
Creator: NVD / NIST
Published: 2012-09-18T18:55:05.303+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.12%

Last modified Jun 16, 2026

CVE-2012-1901 is a vulnerability of currently unknown severity. Multiple cross-site request forgery (CSRF) vulnerabilities in FlexCMS 3.2.1 and earlier allow remote attackers to (1) hijack the authentication of users for requests that change account settings via a request to index.php/profile-edit-save or (2) hijack the authentication of administrators for requests that add a new page via a request to admin/pages-new-save.. EPSS estimates a 1.12% chance of exploitation in the next 30 days.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in FlexCMS 3.2.1 and earlier allow remote attackers to (1) hijack the authentication of users for requests that change account settings via a request to index.php/profile-edit-save or (2) hijack the authentication of administrators for requests that add a new page via a request to admin/pages-new-save.

Metrics

EPSS Probability

1.12%

61.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-352

Affected Software

Vendor	Product	Versions
Flexcms	Flexcms	<= 3.2.1
Flexcms	Flexcms	2.0
Flexcms	Flexcms	2.5

References

Timeline

Published: Sep 18, 2012
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2012-1901?

How severe is CVE-2012-1901?

Severity scoring for CVE-2012-1901 is pending analysis. The EPSS model estimates a 1.12% probability of exploitation in the next 30 days.

How do I fix CVE-2012-1901?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-1901?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST