FlexCMS 3.2.1 (latest version) suffers from multiple CSRF vulnerabilities which could allow an attacker to change any parameter when an authenticated user/admin browses a specially crafted web page. In this advisory I’ve only demonstrated how to change the settings of the user “demo” (the default user of the demo page), and I’ve also created a new web page.
To read more about them you can download my Original Advisory.
MITRE CVE Numbering Authority assigned me CVE-2012-1901 for this vulnerability.
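As an added illustration of the fix for this class of bug (not code from the advisory or from FlexCMS), the sketch below shows a synchronizer-token check guarding a settings update like the one the advisory describes. The function names, the `csrf_token` field, the `https://cms.example` origin and the sample requests are all assumptions constructed for the example.

```php
<?php
// Added illustration: synchronizer-token CSRF defence for a state-changing
// handler. All names are hypothetical; this is not FlexCMS code.

// Issue (or reuse) a per-session token; embed it in every form as a hidden field.
function csrf_token(array &$session): string {
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Accept only POSTs whose token matches the session and whose Origin, when
// present, is this site. A cross-site page can send the cookie but not the token.
function csrf_ok(array $session, array $post, array $server, string $siteOrigin): bool {
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    $origin = $server['HTTP_ORIGIN'] ?? null;
    if ($origin !== null && $origin !== $siteOrigin) {
        return false;
    }
    $sent = $post['csrf_token'] ?? '';
    $want = $session['csrf'] ?? '';
    return is_string($sent) && $want !== '' && hash_equals($want, $sent);
}

// Hypothetical settings update: refuses the change unless the check passes.
function update_settings(array &$session, array $post, array $server): int {
    if (!csrf_ok($session, $post, $server, 'https://cms.example')) {
        return 403;
    }
    $session['email'] = (string)($post['email'] ?? '');
    return 200;
}

// Constructed requests: same cookie-backed session, with and without the token.
$session = ['user' => 'demo', 'email' => 'demo@cms.example'];
$token   = csrf_token($session);
$forged  = update_settings($session, ['email' => 'x@other.example'],
    ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://other.example']);
$genuine = update_settings($session, ['email' => 'new@cms.example', 'csrf_token' => $token],
    ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://cms.example']);
printf("forged=%d genuine=%d email=%s\n", $forged, $genuine, $session['email']);
```

The same check belongs on every state-changing action, including page creation, and the session cookie should additionally be set with the `SameSite` attribute.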
Other related publications:
Offensive Security Exploit-DB
NIST – National Vulnerability Database
Secunia Advisory SA48451
Kaspersky Lab Advisory
Secunia published a new advisory regarding a vulnerability I discovered, which affects Razor CMS 1.2.1 and lower.
To read more about Secunia’s Advisory:
Secunia SA39961 Advisory