Lucene search
MitreCVE-2012-1220HistoryFeb 21, 2012 - 1:31 p.m.
CVE-2012-1220
2012-02-2113:31:47
CWE-352
mitre
web.nvd.nist.gov
24
cve-2012-1220
cross-site request forgery
csrf
gazie 5.20
authentication hijacking
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.1
Confidence
Low
EPSS
0.006
Percentile
78.8%
Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that change account information via an update action, as demonstrated by changing the password.
Affected configurations
Node
devincentiisgazieRange≤5.20
ORdevincentiisgazieMatch2.0.7
ORdevincentiisgazieMatch2.0.8
ORdevincentiisgazieMatch2.0.9
ORdevincentiisgazieMatch2.0.10
ORdevincentiisgazieMatch2.0.11
ORdevincentiisgazieMatch2.0.12
ORdevincentiisgazieMatch2.0.13
ORdevincentiisgazieMatch2.0.14
ORdevincentiisgazieMatch2.0.15
ORdevincentiisgazieMatch3.0.0
ORdevincentiisgazieMatch3.0.1
ORdevincentiisgazieMatch3.0.2
ORdevincentiisgazieMatch3.0.3
ORdevincentiisgazieMatch3.0.4
ORdevincentiisgazieMatch3.0.5
ORdevincentiisgazieMatch3.0.6
ORdevincentiisgazieMatch3.0.7
ORdevincentiisgazieMatch3.0.8
ORdevincentiisgazieMatch3.0.9
ORdevincentiisgazieMatch3.0.10
ORdevincentiisgazieMatch3.0.11
ORdevincentiisgazieMatch3.0.12
ORdevincentiisgazieMatch4.0.1
ORdevincentiisgazieMatch4.0.2
ORdevincentiisgazieMatch4.0.3
ORdevincentiisgazieMatch4.0.4
ORdevincentiisgazieMatch4.0.5
ORdevincentiisgazieMatch4.0.6
ORdevincentiisgazieMatch4.0.7
ORdevincentiisgazieMatch4.0.8
ORdevincentiisgazieMatch4.0.9
ORdevincentiisgazieMatch4.0.10
ORdevincentiisgazieMatch4.0.11
ORdevincentiisgazieMatch4.0.12
ORdevincentiisgazieMatch4.0.13
ORdevincentiisgazieMatch5.0
ORdevincentiisgazieMatch5.1
ORdevincentiisgazieMatch5.2
ORdevincentiisgazieMatch5.3
ORdevincentiisgazieMatch5.4
ORdevincentiisgazieMatch5.5
ORdevincentiisgazieMatch5.6
ORdevincentiisgazieMatch5.7
ORdevincentiisgazieMatch5.8
ORdevincentiisgazieMatch5.9
ORdevincentiisgazieMatch5.10
ORdevincentiisgazieMatch5.11
ORdevincentiisgazieMatch5.12
ORdevincentiisgazieMatch5.13
ORdevincentiisgazieMatch5.14
ORdevincentiisgazieMatch5.15
ORdevincentiisgazieMatch5.16
ORdevincentiisgazieMatch5.17
ORdevincentiisgazieMatch5.18
ORdevincentiisgazieMatch5.19
| Vendor | Product | Version | CPE |
|---|---|---|---|
| devincentiis | gazie | * | cpe:2.3:a:devincentiis:gazie:*:*:*:*:*:*:*:* |
| devincentiis | gazie | 2.0.7 | cpe:2.3:a:devincentiis:gazie:2.0.7:*:*:*:*:*:*:* |
| devincentiis | gazie | 2.0.8 | cpe:2.3:a:devincentiis:gazie:2.0.8:*:*:*:*:*:*:* |
| devincentiis | gazie | 2.0.9 | cpe:2.3:a:devincentiis:gazie:2.0.9:*:*:*:*:*:*:* |
| devincentiis | gazie | 2.0.10 | cpe:2.3:a:devincentiis:gazie:2.0.10:*:*:*:*:*:*:* |
| devincentiis | gazie | 2.0.11 | cpe:2.3:a:devincentiis:gazie:2.0.11:*:*:*:*:*:*:* |
| devincentiis | gazie | 2.0.12 | cpe:2.3:a:devincentiis:gazie:2.0.12:*:*:*:*:*:*:* |
| devincentiis | gazie | 2.0.13 | cpe:2.3:a:devincentiis:gazie:2.0.13:*:*:*:*:*:*:* |
| devincentiis | gazie | 2.0.14 | cpe:2.3:a:devincentiis:gazie:2.0.14:*:*:*:*:*:*:* |
| devincentiis | gazie | 2.0.15 | cpe:2.3:a:devincentiis:gazie:2.0.15:*:*:*:*:*:*:* |
Related
prion
prion
Cross site request forgery (csrf)
2012-02-21 13:31:00
cvelist
cvelist
CVE-2012-1220
2012-02-21 00:00:00
exploitdb
exploitdb
GAzie 5.20 - Cross-Site Request Forgery
2012-02-05 00:00:00
nvd
nvd
CVE-2012-1220
2012-02-21 13:31:47
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.1
Confidence
Low
EPSS
0.006
Percentile
78.8%
Related for CVE-2012-1220