CVE-2012-1220

Sažetak

Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that change account information via an update action, as demonstrated by changing the password.

Reference

http://secunia.com/advisories/47947
http://www.exploit-db.com/exploits/18464
https://exchange.xforce.ibmcloud.com/vulnerabilities/72991

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-08-2017 - 01:31

Objavljeno

21-02-2012 - 13:31