Description
Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an add action, (2) change user passwords via a change action, or (3) delete a user via a delete action.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Ahmed Elhady Mohamed · textwebappsphp
https://www.exploit-db.com/exploits/18685
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/80745
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/18685
Exploit x_refsource_misc
http://packetstormsecurity.org/files/111402/Dalbum-144-Build-174-Cross-Site-Request-Forgery.html
Scores
EPSS
0.0034
EPSS Percentile
56.5%
Details
CWE
CWE-352
Status
published
Products (18)
dalbum/dalbum
1.03
dalbum/dalbum
1.3
dalbum/dalbum
1.04
dalbum/dalbum
1.05
dalbum/dalbum
1.06
dalbum/dalbum
1.07
dalbum/dalbum
1.08
dalbum/dalbum
1.09
dalbum/dalbum
1.10
dalbum/dalbum
1.20
... and 8 more
Published
Nov 17, 2012
Tracked Since
Feb 18, 2026