CVE-2012-1220

Опубликовано: 21 фев. 2012

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that change account information via an update action, as demonstrated by changing the password.

Ссылки

http://secunia.com/advisories/47947
Vendor Advisory
http://www.exploit-db.com/exploits/18464
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/72991
http://secunia.com/advisories/47947
Vendor Advisory
http://www.exploit-db.com/exploits/18464
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/72991

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:devincentiis:gazie:*:*:*:*:*:*:*:*

Версия до 5.20 (включая)

cpe:2.3:a:devincentiis:gazie:2.0.7:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:2.0.8:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:2.0.10:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:2.0.11:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:2.0.12:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:2.0.13:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:2.0.14:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:2.0.15:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:3.0.4:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:3.0.6:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:3.0.7:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:3.0.8:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:3.0.9:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:3.0.10:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:3.0.11:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:3.0.12:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:4.0.6:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:4.0.7:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:4.0.8:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:4.0.9:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:4.0.10:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:4.0.11:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:4.0.12:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:4.0.13:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:5.0:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:5.1:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:5.2:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:5.3:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:5.4:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:5.5:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:5.6:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:5.7:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:5.8:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:5.9:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:5.10:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:5.11:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:5.12:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:5.13:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:5.14:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:5.15:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:5.16:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:5.17:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:5.18:*:*:*:*:*:*:*

cpe:2.3:a:devincentiis:gazie:5.19:*:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.00119

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-7xq8-8r52-qr48

github

больше 3 лет назад