CVE-2012-5891
medium
CVSS v3
—
CVSS v2
6.8
VIR risk
6.8
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an add action, (2) change user passwords via a change action, or (3) delete a user via a delete action.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE; see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| dalbum | dalbum | <= 1.44 | |
| dalbum | dalbum | 1.03 | |
| dalbum | dalbum | 1.3 | |
| dalbum | dalbum | 1.04 | |
| dalbum | dalbum | 1.05 | |
| dalbum | dalbum | 1.06 | |
| dalbum | dalbum | 1.07 | |
| dalbum | dalbum | 1.08 | |
| dalbum | dalbum | 1.09 | |
| dalbum | dalbum | 1.10 | |
| dalbum | dalbum | 1.20 | |
| dalbum | dalbum | 1.21 | |
| dalbum | dalbum | 1.22 | |
| dalbum | dalbum | 1.31 | |
| dalbum | dalbum | 1.32 | |
| dalbum | dalbum | 1.33 | |
| dalbum | dalbum | 1.34 | |
| dalbum | dalbum | 1.35 | |
References
- http://osvdb.org/80745
- http://packetstormsecurity.org/files/111402/Dalbum-144-Build-174-Cross-Site-Request-Forgery.html
- http://www.exploit-db.com/exploits/18685
CWEs
CWE-352