MidnightBSD

Advisories for devincentiis

CVE-2012-1220 MEDIUM

Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that change account information via an update action, as demonstrated by changing the password.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352

Products Affected

Vendor Product Version
devincentiis gazie 5.13
devincentiis gazie 4.0.2
devincentiis gazie 2.0.9
devincentiis gazie 4.0.9
devincentiis gazie 2.0.7
devincentiis gazie 4.0.11
devincentiis gazie 5.17
devincentiis gazie 2.0.8
devincentiis gazie 3.0.0
devincentiis gazie 3.0.4
devincentiis gazie 3.0.5
devincentiis gazie 5.19
devincentiis gazie 5.10
devincentiis gazie 4.0.12
devincentiis gazie 5.3
devincentiis gazie 3.0.9
devincentiis gazie 4.0.5
devincentiis gazie *
devincentiis gazie 5.0
devincentiis gazie 5.18
devincentiis gazie 3.0.12
devincentiis gazie 5.2
devincentiis gazie 5.7
devincentiis gazie 5.9
devincentiis gazie 4.0.1
devincentiis gazie 5.16
devincentiis gazie 5.5
devincentiis gazie 4.0.3
devincentiis gazie 4.0.6
devincentiis gazie 2.0.14
devincentiis gazie 5.6
devincentiis gazie 4.0.7
devincentiis gazie 5.1
devincentiis gazie 5.12
devincentiis gazie 3.0.7
devincentiis gazie 3.0.8
devincentiis gazie 4.0.13
devincentiis gazie 2.0.10
devincentiis gazie 5.15
devincentiis gazie 2.0.15
devincentiis gazie 3.0.6
devincentiis gazie 3.0.3
devincentiis gazie 5.14
devincentiis gazie 3.0.11
devincentiis gazie 2.0.12
devincentiis gazie 3.0.1
devincentiis gazie 4.0.8
devincentiis gazie 5.4
devincentiis gazie 2.0.13
devincentiis gazie 5.8
devincentiis gazie 4.0.4
devincentiis gazie 4.0.10
devincentiis gazie 5.11
devincentiis gazie 2.0.11
devincentiis gazie 3.0.10
devincentiis gazie 3.0.2