CVE-2012-5891

Published Nov 17, 2012

Last updated 12 years ago

Overview

Description: Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an add action, (2) change user passwords via a change action, or (3) delete a user via a delete action.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-352

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dalbum:dalbum:*:174:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30AE0511-D402-4646-B3BF-8F93DA710D24",
            "versionEndIncluding": "1.44"
          },
          {
            "criteria": "cpe:2.3:a:dalbum:dalbum:1.03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A923E3B3-0A72-47F6-AAED-16D98B38EE9C"
          },
          {
            "criteria": "cpe:2.3:a:dalbum:dalbum:1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "848C3E7A-E337-4926-B504-CC1D6B68279C"
          },
          {
            "criteria": "cpe:2.3:a:dalbum:dalbum:1.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8500168-C824-4BAB-B5A8-B33FE5AE073B"
          },
          {
            "criteria": "cpe:2.3:a:dalbum:dalbum:1.05:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9A185A1-27DC-419B-8BB7-948E04195B49"
          },
          {
            "criteria": "cpe:2.3:a:dalbum:dalbum:1.06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "294225D4-7BD0-4778-BF9A-035584872F18"
          },
          {
            "criteria": "cpe:2.3:a:dalbum:dalbum:1.07:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E9F676F-9B8E-4B4D-8F3E-9B359C07280B"
          },
          {
            "criteria": "cpe:2.3:a:dalbum:dalbum:1.08:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED720FF8-ED87-474D-BB2B-5691FAAFF235"
          },
          {
            "criteria": "cpe:2.3:a:dalbum:dalbum:1.09:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CBD3343-5B90-4B97-8C53-6EF4F7029E17"
          },
          {
            "criteria": "cpe:2.3:a:dalbum:dalbum:1.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BDDAA6E-9EC7-4368-A641-B47F6641015F"
          },
          {
            "criteria": "cpe:2.3:a:dalbum:dalbum:1.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA354007-794B-44A2-8CDC-9A4D20FDFC80"
          },
          {
            "criteria": "cpe:2.3:a:dalbum:dalbum:1.21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CC00618-0F00-44D4-82DB-7DC752437660"
          },
          {
            "criteria": "cpe:2.3:a:dalbum:dalbum:1.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4EBE1CA-9578-4C9D-8399-27FB3000BF3C"
          },
          {
            "criteria": "cpe:2.3:a:dalbum:dalbum:1.22:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B68886CF-7DEB-49BF-ABE9-28EA01BA9311"
          },
          {
            "criteria": "cpe:2.3:a:dalbum:dalbum:1.22:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4822F938-1894-4648-B07E-A2D9516467B1"
          },
          {
            "criteria": "cpe:2.3:a:dalbum:dalbum:1.22:sp4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38729055-3A22-4191-ACB8-A2219BF421CD"
          },
          {
            "criteria": "cpe:2.3:a:dalbum:dalbum:1.22:sp5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0B3189A-30F6-46A6-86F9-F1F28E4BBA6F"
          },
          {
            "criteria": "cpe:2.3:a:dalbum:dalbum:1.22:sp6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3950993C-8BF4-4F75-8F68-6DA4ECAFB6C4"
          },
          {
            "criteria": "cpe:2.3:a:dalbum:dalbum:1.22:sp7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD8B31F4-45E2-4D02-B4FC-75E34B400227"
          },
          {
            "criteria": "cpe:2.3:a:dalbum:dalbum:1.31:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C9575E2-B736-428A-A576-404D0DFE8AD6"
          },
          {
            "criteria": "cpe:2.3:a:dalbum:dalbum:1.32:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B721280A-C065-4212-B2CF-A886AB329B7D"
          },
          {
            "criteria": "cpe:2.3:a:dalbum:dalbum:1.33:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFA99B11-1D12-48ED-A109-F5DC6872996B"
          },
          {
            "criteria": "cpe:2.3:a:dalbum:dalbum:1.34:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DD159DF-FA54-42AF-8D31-5DCFDFE62DB2"
          },
          {
            "criteria": "cpe:2.3:a:dalbum:dalbum:1.35:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47B7200C-85E4-48E4-B7F4-7241C3A977D4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References