Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2012-1220
Last Modified 24 Feb 2012 12:00:00
Published 21 Feb 2012 08:31:47
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-1220

Summary

Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that change account information via an update action, as demonstrated by changing the password.

Vulnerable Systems

Application

  • Devincentiis Gazie 2.0.10

  • Devincentiis Gazie 2.0.11

  • Devincentiis Gazie 2.0.12

  • Devincentiis Gazie 2.0.13

  • Devincentiis Gazie 2.0.14

  • Devincentiis Gazie 2.0.15

  • Devincentiis Gazie 2.0.7

  • Devincentiis Gazie 2.0.8

  • Devincentiis Gazie 2.0.9

  • Devincentiis Gazie 3.0.0

  • Devincentiis Gazie 3.0.1

  • Devincentiis Gazie 3.0.10

  • Devincentiis Gazie 3.0.11

  • Devincentiis Gazie 3.0.12

  • Devincentiis Gazie 3.0.2

  • Devincentiis Gazie 3.0.3

  • Devincentiis Gazie 3.0.4

  • Devincentiis Gazie 3.0.5

  • Devincentiis Gazie 3.0.6

  • Devincentiis Gazie 3.0.7

  • Devincentiis Gazie 3.0.8

  • Devincentiis Gazie 3.0.9

  • Devincentiis Gazie 4.0.1

  • Devincentiis Gazie 4.0.10

  • Devincentiis Gazie 4.0.11

  • Devincentiis Gazie 4.0.12

  • Devincentiis Gazie 4.0.13

  • Devincentiis Gazie 4.0.2

  • Devincentiis Gazie 4.0.3

  • Devincentiis Gazie 4.0.4

  • Devincentiis Gazie 4.0.5

  • Devincentiis Gazie 4.0.6

  • Devincentiis Gazie 4.0.7

  • Devincentiis Gazie 4.0.8

  • Devincentiis Gazie 4.0.9

  • Devincentiis Gazie 5.0

  • Devincentiis Gazie 5.1

  • Devincentiis Gazie 5.10

  • Devincentiis Gazie 5.11

  • Devincentiis Gazie 5.12

  • Devincentiis Gazie 5.13

  • Devincentiis Gazie 5.14

  • Devincentiis Gazie 5.15

  • Devincentiis Gazie 5.16

  • Devincentiis Gazie 5.17

  • Devincentiis Gazie 5.18

  • Devincentiis Gazie 5.19

  • Devincentiis Gazie 5.2

  • Devincentiis Gazie 5.20

  • Devincentiis Gazie 5.3

  • Devincentiis Gazie 5.4

  • Devincentiis Gazie 5.5

  • Devincentiis Gazie 5.6

  • Devincentiis Gazie 5.7

  • Devincentiis Gazie 5.8

  • Devincentiis Gazie 5.9


References

XF - gazie-adminutente-csrf(72991)

EXPLOIT-DB - 18464

SECUNIA - 47947


Last Updated: 27 May 2016 10:58:18