CVE-2012-5891
17.11.2012, 21:55
Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an add action, (2) change user passwords via a change action, or (3) delete a user via a delete action.
| Vendor | Product | Version |
|---|---|---|
| dalbum | dalbum | 𝑥 ≤ 1.44 |
| dalbum | dalbum | 1.03 |
| dalbum | dalbum | 1.3 |
| dalbum | dalbum | 1.04 |
| dalbum | dalbum | 1.05 |
| dalbum | dalbum | 1.06 |
| dalbum | dalbum | 1.07 |
| dalbum | dalbum | 1.08 |
| dalbum | dalbum | 1.09 |
| dalbum | dalbum | 1.10 |
| dalbum | dalbum | 1.20 |
| dalbum | dalbum | 1.21 |
| dalbum | dalbum | 1.22 |
| dalbum | dalbum | 1.22:sp2 |
| dalbum | dalbum | 1.22:sp3 |
| dalbum | dalbum | 1.22:sp4 |
| dalbum | dalbum | 1.22:sp5 |
| dalbum | dalbum | 1.22:sp6 |
| dalbum | dalbum | 1.22:sp7 |
| dalbum | dalbum | 1.31 |
| dalbum | dalbum | 1.32 |
| dalbum | dalbum | 1.33 |
| dalbum | dalbum | 1.34 |
| dalbum | dalbum | 1.35 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References