CVE-2012-5891

{"modified": "2013-01-15T00:00:00", "id": "CVE-2012-5891", "edition": 1, "objectVersion": "1.2", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5891", "cvelist": ["CVE-2012-5891"], "references": ["http://packetstormsecurity.org/files/111402/Dalbum-144-Build-174-Cross-Site-Request-Forgery.html", "http://www.exploit-db.com/exploits/18685"], "bulletinFamily": "NVD", "lastseen": "2016-09-03T17:20:17", "title": "CVE-2012-5891", "published": "2012-11-17T16:55:03", "viewCount": 0, "type": "cve", "cpe": ["cpe:/a:dalbum:dalbum:1.08", "cpe:/a:dalbum:dalbum:1.20", "cpe:/a:dalbum:dalbum:1.21", "cpe:/a:dalbum:dalbum:1.06", "cpe:/a:dalbum:dalbum:1.34", "cpe:/a:dalbum:dalbum:1.07", "cpe:/a:dalbum:dalbum:1.05", "cpe:/a:dalbum:dalbum:1.35", "cpe:/a:dalbum:dalbum:1.22:sp5", "cpe:/a:dalbum:dalbum:1.09", "cpe:/a:dalbum:dalbum:1.32", "cpe:/a:dalbum:dalbum:1.22:sp7", "cpe:/a:dalbum:dalbum:1.03", "cpe:/a:dalbum:dalbum:1.22:sp2", "cpe:/a:dalbum:dalbum:1.31", "cpe:/a:dalbum:dalbum:1.44:174", "cpe:/a:dalbum:dalbum:1.04", "cpe:/a:dalbum:dalbum:1.3", "cpe:/a:dalbum:dalbum:1.33", "cpe:/a:dalbum:dalbum:1.22:sp3", "cpe:/a:dalbum:dalbum:1.22:sp4", "cpe:/a:dalbum:dalbum:1.22", "cpe:/a:dalbum:dalbum:1.10", "cpe:/a:dalbum:dalbum:1.22:sp6"], "description": "Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an add action, (2) change user passwords via a change action, or (3) delete a user via a delete action.", "hash": "129b2770eebf6e02107bfd71a1a4a25730f5f64ef9b5a86df3431d1783cebbe0", "reporter": "NVD", "scanner": [], "assessment": {"system": "", "name": "", "href": ""}, "enchantments": {"vulnersScore": 5.8}}

{"result": {"exploitdb": [{"id": "EDB-ID:18685", "type": "exploitdb", "title": "dalbum <= 144 build 174 - CSRF Vulnerabilities", "description": "dalbum <= 144 build 174 - CSRF Vulnerabilities. CVE-2012-5891. Webapps exploit for php platform", "published": "2012-03-30T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/18685/", "cvelist": ["CVE-2012-5891"], "lastseen": "2016-02-02T10:14:31"}], "seebug": [{"id": "SSV-72740", "type": "seebug", "title": "dalbum 144 build 174 and earlier CSRF Vulnerabilities", "description": "Summary: \nDAlbum is a WEB-based library management system.< br/>DAlbum 1.44 build 174 and earlier versions of the photo/pass. in php there are multiple cross-site request forgery vulnerability. By the administrator of the sending of the request includes: (1)by adding operation to add a user(2)by a change operation to change a user password, or(3)by the delete operation to delete the user, the remote attacker can use this vulnerability to hijack the Administrator's authentication information.\n", "published": "2014-07-01T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-72740", "cvelist": ["CVE-2012-5891"], "lastseen": "2016-07-27T02:47:09"}]}}