ID CVE-2012-5891 Type cve Reporter NVD Modified 2013-01-15T00:00:00
Description
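Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an add action, (2) change user passwords via a change action, or (3) delete a user via a delete action. In other words, these user-management actions are accepted on the strength of the administrator's existing session alone, so a request the administrator's browser sends while logged in is treated as intended by the administrator; the attacker needs no credentials of their own (Au:NONE in the CVSS vector below).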
{"id": "CVE-2012-5891", "bulletinFamily": "NVD", "title": "CVE-2012-5891", "description": "Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an add action, (2) change user passwords via a change action, or (3) delete a user via a delete action.", "published": "2012-11-17T16:55:03", "modified": "2013-01-15T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5891", "reporter": "NVD", "references": ["http://packetstormsecurity.org/files/111402/Dalbum-144-Build-174-Cross-Site-Request-Forgery.html", "http://www.exploit-db.com/exploits/18685"], "cvelist": ["CVE-2012-5891"], "type": "cve", "lastseen": "2017-10-12T21:09:12", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:dalbum:dalbum:1.08", "cpe:/a:dalbum:dalbum:1.20", "cpe:/a:dalbum:dalbum:1.21", "cpe:/a:dalbum:dalbum:1.06", "cpe:/a:dalbum:dalbum:1.34", "cpe:/a:dalbum:dalbum:1.07", "cpe:/a:dalbum:dalbum:1.05", "cpe:/a:dalbum:dalbum:1.35", "cpe:/a:dalbum:dalbum:1.22:sp5", "cpe:/a:dalbum:dalbum:1.09", "cpe:/a:dalbum:dalbum:1.32", "cpe:/a:dalbum:dalbum:1.22:sp7", "cpe:/a:dalbum:dalbum:1.03", "cpe:/a:dalbum:dalbum:1.22:sp2", "cpe:/a:dalbum:dalbum:1.31", "cpe:/a:dalbum:dalbum:1.44:174", "cpe:/a:dalbum:dalbum:1.04", "cpe:/a:dalbum:dalbum:1.3", "cpe:/a:dalbum:dalbum:1.33", "cpe:/a:dalbum:dalbum:1.22:sp3", "cpe:/a:dalbum:dalbum:1.22:sp4", "cpe:/a:dalbum:dalbum:1.22", "cpe:/a:dalbum:dalbum:1.10", "cpe:/a:dalbum:dalbum:1.22:sp6"], "cvelist": ["CVE-2012-5891"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 
174 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an add action, (2) change user passwords via a change action, or (3) delete a user via a delete action.", "edition": 1, "enchantments": {}, "hash": "7822a73c9f7cb50124cd6d9cfc06ad64fd77d0ea8380d18df52177d67d8c9656", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "c81126ba74cf983b2383d0083c2b48a0", "key": "title"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "9100739b85668877a1fe4f9ec241a6de", "key": "href"}, {"hash": "13c9156f16e16a2537344ced4e948079", "key": "references"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "4fe7dc76b88259d2e72ed2c00f85eeae", "key": "modified"}, {"hash": "56950bd63a01085220267e19829c4d8d", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "620bc64c122568bb992500610b161a48", "key": "description"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "5c0360b0cfe2f6f2d2249dafbd640201", "key": "published"}, {"hash": "cbaca0b47c759aa3aafb26fae6246707", "key": "cvelist"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5891", "id": "CVE-2012-5891", "lastseen": "2016-09-03T17:20:17", "modified": "2013-01-15T00:00:00", "objectVersion": "1.2", "published": "2012-11-17T16:55:03", "references": ["http://packetstormsecurity.org/files/111402/Dalbum-144-Build-174-Cross-Site-Request-Forgery.html", "http://www.exploit-db.com/exploits/18685"], "reporter": "NVD", "scanner": [], "title": "CVE-2012-5891", "type": "cve", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-03T17:20:17"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, 
{"key": "cpe", "hash": "ae1b90a2500a0fb63c30686065a58982"}, {"key": "cvelist", "hash": "cbaca0b47c759aa3aafb26fae6246707"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "620bc64c122568bb992500610b161a48"}, {"key": "href", "hash": "9100739b85668877a1fe4f9ec241a6de"}, {"key": "modified", "hash": "4fe7dc76b88259d2e72ed2c00f85eeae"}, {"key": "published", "hash": "5c0360b0cfe2f6f2d2249dafbd640201"}, {"key": "references", "hash": "13c9156f16e16a2537344ced4e948079"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "c81126ba74cf983b2383d0083c2b48a0"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "3e80b8ff7e491b565e9b737796026c2d912149d0ff4daf99204c7997921816f4", "viewCount": 0, "enchantments": {"vulnersScore": 6.8}, "objectVersion": "1.3", "cpe": ["cpe:/a:dalbum:dalbum:1.08", "cpe:/a:dalbum:dalbum:1.20", "cpe:/a:dalbum:dalbum:1.21", "cpe:/a:dalbum:dalbum:1.06", "cpe:/a:dalbum:dalbum:1.34", "cpe:/a:dalbum:dalbum:1.07", "cpe:/a:dalbum:dalbum:1.05", "cpe:/a:dalbum:dalbum:1.35", "cpe:/a:dalbum:dalbum:1.22:sp5", "cpe:/a:dalbum:dalbum:1.09", "cpe:/a:dalbum:dalbum:1.32", "cpe:/a:dalbum:dalbum:1.22:sp7", "cpe:/a:dalbum:dalbum:1.03", "cpe:/a:dalbum:dalbum:1.22:sp2", "cpe:/a:dalbum:dalbum:1.31", "cpe:/a:dalbum:dalbum:1.44:174", "cpe:/a:dalbum:dalbum:1.04", "cpe:/a:dalbum:dalbum:1.33", "cpe:/a:dalbum:dalbum:1.22:sp3", "cpe:/a:dalbum:dalbum:1.22:sp4", "cpe:/a:dalbum:dalbum:1.22", "cpe:/a:dalbum:dalbum:1.10", "cpe:/a:dalbum:dalbum:1.22:sp6"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}