Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1058

Overview

Vulnerability Score 6.0 6.0
CVE Id CVE-2012-1058
Last Modified 14 Feb 2012 11:01:40
Published 13 Feb 2012 07:55:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2012-1058

Summary

Cross-site request forgery (CSRF) vulnerability in Flyspray 0.9.9.6 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an admin.newuser action to index.php.

Vulnerable Systems

Application

  • Flyspray 0.9.9.6


References

XF - flyspray-index-csrf(73051)

EXPLOIT-DB - 18468

SECUNIA - 47881

MISC - http://packetstormsecurity.org/files/109507/Flyspray-0.9.9.6-Cross-Site-Request-Forgery.html

OSVDB - 78923


Last Updated: 27 May 2016 10:58:15