CVE-2012-1058

Sažetak

Cross-site request forgery (CSRF) vulnerability in Flyspray 0.9.9.6 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an admin.newuser action to index.php.

Reference

http://osvdb.org/78923
http://packetstormsecurity.org/files/109507/Flyspray-0.9.9.6-Cross-Site-Request-Forgery.html
http://secunia.com/advisories/47881
http://www.exploit-db.com/exploits/18468
https://exchange.xforce.ibmcloud.com/vulnerabilities/73051

CVSS

Base:	6.0
Impact:	6.4
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-08-2017 - 01:31

Objavljeno

14-02-2012 - 00:55