Lucene search

[email protected]CVE-2012-4324

HistoryAug 14, 2012 - 9:55 p.m.

CVE-2012-4324

2012-08-1421:55:00

CWE-352

[email protected]

web.nvd.nist.gov

cve-2012-4324

cross-site request forgery

csrf

phpjabbers vacation rental script

authentication hijacking

adminusers module

7.8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.6%

JSON

Cross-site request forgery (CSRF) vulnerability in PHPJabbers Vacation Rental Script allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a create action in the AdminUsers module to index.php.

CPENameOperatorVersion
phpjabbers:vacation_rental_scriptphpjabbers vacation rental scripteq-

CPE	Name	Operator	Version
phpjabbers:vacation_rental_script	phpjabbers vacation rental script	eq	-

References

osvdb.org/80948

packetstormsecurity.org/files/111564/Vacation-Rental-Listing-Cross-Site-Request-Forgery.html

exchange.xforce.ibmcloud.com/vulnerabilities/74683

7.8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.6%

JSON

Related for CVE-2012-4324

cvelist1 prion1