CVE-2012-1220

Devincentiis Gazie < 5.20 - CSRF

Description

Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that change account information via an update action, as demonstrated by changing the password.

Exploits (1)

exploitdb WORKING POC
by Giuseppe D'Inverno · html · webapps · php
https://www.exploit-db.com/exploits/18464

Scores

EPSS 0.0018
EPSS Percentile 39.6%

Details

CWE CWE-352
Status published
Products (50)
devincentiis/gazie 2.0.7
devincentiis/gazie 2.0.8
devincentiis/gazie 2.0.9
devincentiis/gazie 2.0.10
devincentiis/gazie 2.0.11
devincentiis/gazie 2.0.12
devincentiis/gazie 2.0.13
devincentiis/gazie 2.0.14
devincentiis/gazie 2.0.15
devincentiis/gazie 3.0.0
... and 40 more
Published Feb 21, 2012
Tracked Since Feb 18, 2026