CVE-2012-1220

GAzie < 5.20 - Cross-Site Request Forgery via Admin User Update Action

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-1220, a PoC published by Giuseppe D'Inverno.

AI-analyzed exploit summary: This is a CSRF exploit for GAzie <= 5.20 that allows an attacker to trick an authenticated administrator into submitting a malicious form to update user details, potentially leading to privilege escalation or account takeover.

Description

Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that change account information via an update action, as demonstrated by changing the password.

Exploits (1)

exploitdb · WORKING POC
by Giuseppe D'Inverno · html · webapps · php
https://www.exploit-db.com/exploits/18464

Classification: Working PoC (90%)
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: GAzie <= 5.20
Auth required
Prerequisites: Victim must be authenticated as an administrator · Victim must be tricked into submitting the form
Analyzed by devstral-2 on Feb 16, 2026

References (3)

Core References (3)

Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72991

Vendor Advisory (third-party-advisory, x_refsource_secunia)
http://secunia.com/advisories/47947

Exploit (exploit, x_refsource_exploit-db)
http://www.exploit-db.com/exploits/18464

Scores

EPSS: 0.0107
EPSS Percentile: 60.4%

Details

CWE: CWE-352
Status: published
Products (50):
devincentiis/gazie 2.0.7
devincentiis/gazie 2.0.8
devincentiis/gazie 2.0.9
devincentiis/gazie 2.0.10
devincentiis/gazie 2.0.11
devincentiis/gazie 2.0.12
devincentiis/gazie 2.0.13
devincentiis/gazie 2.0.14
devincentiis/gazie 2.0.15
devincentiis/gazie 3.0.0
... and 40 more
Published: Feb 21, 2012
Tracked Since: Feb 18, 2026