{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-02-05T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that change account information via an update action, as demonstrated by changing the password."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "gazie-adminutente-csrf(72991)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72991"}, {"name": "47947", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47947"}, {"name": "18464", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/18464"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1220", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that change account information via an update action, as demonstrated by changing the password."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "gazie-adminutente-csrf(72991)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72991"}, {"name": "47947", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47947"}, {"name": "18464", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/18464"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:53:36.275Z"}, "title": "CVE Program Container", "references": [{"name": "gazie-adminutente-csrf(72991)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72991"}, {"name": "47947", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/47947"}, {"name": "18464", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/18464"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-1220", "datePublished": "2012-02-21T00:00:00", "dateReserved": "2012-02-20T00:00:00", "dateUpdated": "2024-08-06T18:53:36.275Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:devincentiis:gazie:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECFA9074-0A78-460C-9C41-060C464B7115", "versionEndIncluding": "5.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "1CDA31D7-FC26-4E4C-B032-B62C63594FDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "9E407408-2103-45B1-8B91-39BF5A3B3BC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "F37B5D86-A7AE-48AB-9689-F38979F2CD52", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "74E8510F-8138-4F84-8E91-1902E352C32A", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "AFAD7B4B-CCA3-4666-B50E-31BFB8A63276", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "CDD85041-5069-42DC-ACEE-9E98EB844282", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "88726711-C50D-4CA1-BE08-DB733C4BF9E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "757B8820-DF9C-4E30-9645-EA0BFDA7B77F", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "C893B91B-8F48-4C9D-B08B-75CA2C00530F", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F885ECE9-D8D4-4030-B0D1-4D192BE8B0B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E091435D-BEAC-48AC-A4E3-1C7F11F82C64", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B9F1B925-2909-4191-B73F-6C5FE023F411", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "87D5B517-1AB8-4475-B9D3-9A418ED83EA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "45B23E3F-3436-4C7B-9230-E516989D58CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6DAE6AFA-577D-429C-A735-F346E387C1EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9D1EEEAE-14B6-4A93-A1CF-D664C8757C92", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "8361C9A9-9BEF-4C59-8173-6E94DCD6A145", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "C34A2CA3-CD98-4148-876F-F61493FC53F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "A6B4F4E4-7895-4B07-A625-36FA2722B450", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "A0C4DA82-D5F7-4E75-A745-E710E0FA8525", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "6DD477BC-2021-4262-A64A-0D3326EA691A", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "F472B50D-1C4A-4B73-A2E4-A5567B3A3027", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "ED5DD26C-32B7-4196-838A-FFFCD6737E38", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7F9805B7-28F2-4100-AD42-0818AD9F2FE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FCC45695-5AA1-458E-8765-450EB09B434B", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B3491D62-CE6A-4079-A7E1-4D523B22F567", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "061B0E77-C71F-4CE7-9316-4669550B3FE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "3FE73501-F04A-43A6-A92D-B44FAA735AA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B1F11578-752C-4F40-A66C-8903D12540D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "723331E0-D0F1-4CE4-9C03-4E019F2AE78B", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "32B613A0-53E3-46CE-9A96-F61D5A2B1FE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "86E255CF-CAE5-4CE7-8C65-0A00D5951D94", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "BE2170F3-D972-4316-ABC0-F321027D5824", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:4.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "509B3378-1752-4FE9-A81B-B9CF58976D6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:4.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "EB969BBD-0CA2-44D1-A5D5-C2CD7C59F744", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1248818-0F26-47C5-92E4-44AE8202D033", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "78C057F3-3E5F-4753-986E-A11D1AEEDA78", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "005A8D9F-A006-4B60-9730-40A0DC992629", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "749E201D-21F0-4BE7-8ECB-26AE30F495D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:5.4:*:*:*:*:*:*:*", "matchCriteriaId": "5DDCE2C5-CDEF-4D39-B173-2713A3CD3B30", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "36D35B8E-513C-4EA2-A309-735638F493AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:5.6:*:*:*:*:*:*:*", "matchCriteriaId": "48F9512E-B6B4-4B6F-8FD1-12F1FE276438", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:5.7:*:*:*:*:*:*:*", "matchCriteriaId": "B05E03E0-7A5F-4650-BB8C-C9E355587236", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "270C7D15-5D04-4088-978D-4A66DB4EEAA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "5F8C0C14-7252-44EF-BAD8-C11F608B5DFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:5.10:*:*:*:*:*:*:*", "matchCriteriaId": "914DAB68-A1E0-4DA3-849D-57B6612EAF64", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:5.11:*:*:*:*:*:*:*", "matchCriteriaId": "3B1C6DB7-75DC-4536-BCC2-913A2B211E04", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:5.12:*:*:*:*:*:*:*", "matchCriteriaId": "24582AAE-C4E5-4198-876C-D63349E3B98D", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:5.13:*:*:*:*:*:*:*", "matchCriteriaId": "5079CDB6-9232-4FD5-B808-8EAD47B8E293", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:5.14:*:*:*:*:*:*:*", "matchCriteriaId": "31B6854E-324C-4509-ACD7-32350A7041D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:5.15:*:*:*:*:*:*:*", "matchCriteriaId": "B198B986-CDEA-43B3-BB85-AA30344FEF5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:5.16:*:*:*:*:*:*:*", "matchCriteriaId": "5793EEB4-C302-4E72-9A71-63F4A906D3CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:5.17:*:*:*:*:*:*:*", "matchCriteriaId": "AB2D1F64-9CD5-4C37-BFB5-956228B2A5EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:5.18:*:*:*:*:*:*:*", "matchCriteriaId": "559633E2-FF3D-4CC4-BB70-994950CB57D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:devincentiis:gazie:5.19:*:*:*:*:*:*:*", "matchCriteriaId": "F358671C-E648-49C2-9F49-338EC4A2CA0F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that change account information via an update action, as demonstrated by changing the password."}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en modules/config/admin_utente.php en GAzie v5.20 y anteriores,permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores para peticiones de cambio de la informaci\u00f3n de cuentas a trav\u00e9s de una acci\u00f3n update, como se demostr\u00f3 mediante el cambio de contrase\u00f1a."}], "id": "CVE-2012-1220", "lastModified": "2024-11-21T01:36:41.690", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-02-21T13:31:47.047", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47947"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/18464"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72991"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47947"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/18464"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72991"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}