Cross site request forgery (csrf)

2012-02-2113:31:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.4%

JSON

Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that change account information via an update action, as demonstrated by changing the password.

CPENameOperatorVersion
gazieeq3.0.9
gazieeq4.0.4
gazieeq2.0.7
gazieeq2.0.10
gazieeq3.0.7
gazieeq3.0.3
gazieeq5.15
gazieeq5.1
gazieeq2.0.11
gazieeq3.0.6

Name	Operator	Version
gazie	eq	3.0.9
gazie	eq	4.0.4
gazie	eq	2.0.7
gazie	eq	2.0.10
gazie	eq	3.0.7
gazie	eq	3.0.3
gazie	eq	5.15
gazie	eq	5.1
gazie	eq	2.0.11
gazie	eq	3.0.6

Rows per page:

1-10 of 561

References

secunia.com/advisories/47947

exchange.xforce.ibmcloud.com/vulnerabilities/72991

www.exploit-db.com/exploits/18464