Lucene search

[email protected]CVE-2012-1220

HistoryFeb 21, 2012 - 1:31 p.m.

CVE-2012-1220

2012-02-2113:31:47

CWE-352

[email protected]

web.nvd.nist.gov

cve-2012-1220

cross-site request forgery

csrf

gazie 5.20

authentication hijacking

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.4%

JSON

Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that change account information via an update action, as demonstrated by changing the password.

Affected configurations

NVD

Node

devincentiisgazieRange≤5.20

devincentiisgazieMatch2.0.7

devincentiisgazieMatch2.0.8

devincentiisgazieMatch2.0.9

devincentiisgazieMatch2.0.10

devincentiisgazieMatch2.0.11

devincentiisgazieMatch2.0.12

devincentiisgazieMatch2.0.13

devincentiisgazieMatch2.0.14

devincentiisgazieMatch2.0.15

devincentiisgazieMatch3.0.0

devincentiisgazieMatch3.0.1

devincentiisgazieMatch3.0.2

devincentiisgazieMatch3.0.3

devincentiisgazieMatch3.0.4

devincentiisgazieMatch3.0.5

devincentiisgazieMatch3.0.6

devincentiisgazieMatch3.0.7

devincentiisgazieMatch3.0.8

devincentiisgazieMatch3.0.9

devincentiisgazieMatch3.0.10

devincentiisgazieMatch3.0.11

devincentiisgazieMatch3.0.12

devincentiisgazieMatch4.0.1

devincentiisgazieMatch4.0.2

devincentiisgazieMatch4.0.3

devincentiisgazieMatch4.0.4

devincentiisgazieMatch4.0.5

devincentiisgazieMatch4.0.6

devincentiisgazieMatch4.0.7

devincentiisgazieMatch4.0.8

devincentiisgazieMatch4.0.9

devincentiisgazieMatch4.0.10

devincentiisgazieMatch4.0.11

devincentiisgazieMatch4.0.12

devincentiisgazieMatch4.0.13

devincentiisgazieMatch5.0

devincentiisgazieMatch5.1

devincentiisgazieMatch5.2

devincentiisgazieMatch5.3

devincentiisgazieMatch5.4

devincentiisgazieMatch5.5

devincentiisgazieMatch5.6

devincentiisgazieMatch5.7

devincentiisgazieMatch5.8

devincentiisgazieMatch5.9

devincentiisgazieMatch5.10

devincentiisgazieMatch5.11

devincentiisgazieMatch5.12

devincentiisgazieMatch5.13

devincentiisgazieMatch5.14

devincentiisgazieMatch5.15

devincentiisgazieMatch5.16

devincentiisgazieMatch5.17

devincentiisgazieMatch5.18

devincentiisgazieMatch5.19

CPENameOperatorVersion
devincentiis:gaziedevincentiis gaziele5.20
devincentiis:gaziedevincentiis gazieeq2.0.7
devincentiis:gaziedevincentiis gazieeq2.0.8
devincentiis:gaziedevincentiis gazieeq2.0.9
devincentiis:gaziedevincentiis gazieeq2.0.10
devincentiis:gaziedevincentiis gazieeq2.0.11
devincentiis:gaziedevincentiis gazieeq2.0.12
devincentiis:gaziedevincentiis gazieeq2.0.13
devincentiis:gaziedevincentiis gazieeq2.0.14
devincentiis:gaziedevincentiis gazieeq2.0.15

CPE	Name	Operator	Version
devincentiis:gazie	devincentiis gazie	le	5.20
devincentiis:gazie	devincentiis gazie	eq	2.0.7
devincentiis:gazie	devincentiis gazie	eq	2.0.8
devincentiis:gazie	devincentiis gazie	eq	2.0.9
devincentiis:gazie	devincentiis gazie	eq	2.0.10
devincentiis:gazie	devincentiis gazie	eq	2.0.11
devincentiis:gazie	devincentiis gazie	eq	2.0.12
devincentiis:gazie	devincentiis gazie	eq	2.0.13
devincentiis:gazie	devincentiis gazie	eq	2.0.14
devincentiis:gazie	devincentiis gazie	eq	2.0.15

Rows per page:

1-10 of 561

References

secunia.com/advisories/47947

www.exploit-db.com/exploits/18464

exchange.xforce.ibmcloud.com/vulnerabilities/72991

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.4%

JSON

Related for CVE-2012-1220

nvd1 prion1 cvelist1