Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3231

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2012-3231
Last Modified 28 Jun 2012 12:00:00
Published 27 Jun 2012 06:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3231

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding a file to execute arbitrary code via a do_addfile action to inc/browser/action.php.

Vulnerable Systems

Application

  • Webatall Web%40all 2.0


References

MISC - https://www.htbridge.com/advisory/HTB23094

BID - 54109


Last Updated: 27 May 2016 10:47:12