CVE-2012-5898

medium

Published 2012-11-17 · Modified 2026-04-29

CVSS v3

—

CVSS v2

6.8

VIR risk

6.8

Description

Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop 0.9.2 allows remote attackers to hijack the authentication of administrators for requests that change account settings.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://secunia.com/advisories/48661

Application impact

Vendor	Product	Versions	Fixed
samedia	landshop	`0.9.2`

References

http://osvdb.org/80800
http://packetstormsecurity.org/files/111415/Landshop-0.9.2-Cross-Site-Scripting-SQL-Injection.html
http://secunia.com/advisories/48661
http://vulnerability-lab.com/get_content.php?id=485
http://www.exploit-db.com/exploits/18687
http://osvdb.org/80800
http://packetstormsecurity.org/files/111415/Landshop-0.9.2-Cross-Site-Scripting-SQL-Injection.html
http://secunia.com/advisories/48661
http://vulnerability-lab.com/get_content.php?id=485
http://www.exploit-db.com/exploits/18687

CWEs

CWE-352

Verify integrity in audit chain (admin only). AS-IS.