Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2012-5891
Last Modified 15 Jan 2013 12:00:00
Published 17 Nov 2012 04:55:03
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-5891

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an add action, (2) change user passwords via a change action, or (3) delete a user via a delete action.

Vulnerable Systems

Application

  • Alexei Shamov Dalbum 1.03

  • Alexei Shamov Dalbum 1.04

  • Alexei Shamov Dalbum 1.05

  • Alexei Shamov Dalbum 1.06

  • Alexei Shamov Dalbum 1.07

  • Alexei Shamov Dalbum 1.08

  • Alexei Shamov Dalbum 1.09

  • Alexei Shamov Dalbum 1.10

  • Alexei Shamov Dalbum 1.20

  • Alexei Shamov Dalbum 1.21

  • Alexei Shamov Dalbum 1.22

  • Alexei Shamov Dalbum 1.3

  • Alexei Shamov Dalbum 1.31

  • Alexei Shamov Dalbum 1.32

  • Alexei Shamov Dalbum 1.33

  • Alexei Shamov Dalbum 1.34

  • Alexei Shamov Dalbum 1.35

  • Alexei Shamov Dalbum 1.44

  • Dalbum 1.03

  • Dalbum 1.04

  • Dalbum 1.05

  • Dalbum 1.06

  • Dalbum 1.07

  • Dalbum 1.08

  • Dalbum 1.09

  • Dalbum 1.10

  • Dalbum 1.20

  • Dalbum 1.21

  • Dalbum 1.22

  • Dalbum 1.3

  • Dalbum 1.31

  • Dalbum 1.32

  • Dalbum 1.33

  • Dalbum 1.34

  • Dalbum 1.35

  • Dalbum 1.44


References

EXPLOIT-DB - 18685

MISC - http://packetstormsecurity.org/files/111402/Dalbum-144-Build-174-Cross-Site-Request-Forgery.html

OSVDB - 80745


Last Updated: 27 May 2016 10:51:48