Today I’ve discovered multiple vulnerability into Fork CMS 3.2.5. I think there are also this vulnerabilities in version 3.2.6.
To download my Original Advisory:
https://sites.google.com/site/ivanobinetti/ForkCMS%203.2.5%20CSRF%20and%20XSS%20vulnetabilities.txt?attredirects=0&d=1
https://sites.google.com/site/ivanobinetti/ForkCMS%203.2.5%20CSRF%20and%20XSS%20vulnetabilities.txt?attredirects=0&d=1
Other pubblication related to these vulnerabilities:
http://packetstormsecurity.org/files/110048/ForkCMS-3.2.5-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
http://www.exploit-db.com/exploits/18505/
http://secunia.com/advisories/48067
http://osvdb.org/show/osvdb/79444
http://xforce.iss.net/xforce/xfdb/73394
http://www.securelist.com/en/advisories/48067
www.1337day.com/exploits/17557