Lucene search

[email protected]CVE-2012-5898

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-5898

2022-10-0316:15:32

CWE-352

[email protected]

web.nvd.nist.gov

cve-2012-5898

cross-site request forgery

csrf

samedia landshop 0.9.2

remote attackers

authentication hijacking

account settings

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.6%

JSON

Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop 0.9.2 allows remote attackers to hijack the authentication of administrators for requests that change account settings.

Affected configurations

NVD

Node

samedialandshopMatch0.9.2

CPENameOperatorVersion
samedia:landshopsamedia landshopeq0.9.2

CPE	Name	Operator	Version
samedia:landshop	samedia landshop	eq	0.9.2

References

osvdb.org/80800

packetstormsecurity.org/files/111415/Landshop-0.9.2-Cross-Site-Scripting-SQL-Injection.html

secunia.com/advisories/48661

vulnerability-lab.com/get_content.php?id=485

www.exploit-db.com/exploits/18687

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.6%

JSON

Related for CVE-2012-5898

cvelist1 prion1 nvd1