Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an add action, (2) change user passwords via a change action, or (3) delete a user via a delete action.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352
Products Affected
| Vendor | Product | Version |
|---|---|---|
| dalbum | dalbum | 1.09 |
| dalbum | dalbum | 1.03 |
| dalbum | dalbum | 1.32 |
| dalbum | dalbum | 1.06 |
| dalbum | dalbum | 1.35 |
| dalbum | dalbum | 1.05 |
| dalbum | dalbum | 1.07 |
| dalbum | dalbum | 1.08 |
| dalbum | dalbum | 1.22 |
| dalbum | dalbum | 1.34 |
| dalbum | dalbum | 1.31 |
| dalbum | dalbum | 1.04 |
| dalbum | dalbum | 1.10 |
| dalbum | dalbum | 1.20 |
| dalbum | dalbum | 1.33 |
| dalbum | dalbum | * |
| dalbum | dalbum | 1.3 |
| dalbum | dalbum | 1.21 |