CVE-2012-1220 — MEDIUM (6.8)

Q: How severe is CVE-2012-1220?

CVE-2012-1220 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2012-1220?

Check the references section above for vendor advisories and patch information. Affected products include: Devincentiis Gazie.

Vulnerability Description

Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that change account information via an update action, as demonstrated by changing the password.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Devincentiis	Gazie	<= 5.20

Related Weaknesses (CWE)

CWE-352

References

http://secunia.com/advisories/47947Vendor Advisory
http://www.exploit-db.com/exploits/18464Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/72991
http://secunia.com/advisories/47947Vendor Advisory
http://www.exploit-db.com/exploits/18464Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/72991

FAQ

What is CVE-2012-1220?

CVE-2012-1220 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that ch...

How severe is CVE-2012-1220?

CVE-2012-1220 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-1220?

Check the references section above for vendor advisories and patch information. Affected products include: Devincentiis Gazie.