Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 3.5
CVE Id: CVE-2012-0990
Last Modified: 08 Feb 2012 08:36:21
Published: 07 Feb 2012 04:55:02
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2012-0990

Summary

Cross-site request forgery (CSRF) vulnerability in admin/settings/update in DClassifieds 0.1 final allows remote attackers to hijack the authentication of administrators for requests that modify account settings such as the administrator password or email via certain Settings[] parameters.

Vulnerable Systems

Application

  • DClassifieds 0.1


References

MISC - https://www.htbridge.ch/advisory/HTB23067

XF - dclassifieds-settings-csrf(72733)

BID - 51671

OSVDB - 78557

CONFIRM - http://sourceforge.net/projects/dclassifieds/files/csrf_fix_120105.rar/download

SECUNIA - 47691

BUGTRAQ - 20120125 CSRF (Cross-Site Request Forgery) in DClassifieds


Last Updated: 27 May 2016 10:56:28