CVE-2012-1058

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2012-1058
Cross-site request forgery (CSRF) vulnerability in Flyspray 0.9.9.6 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an admin.newuser action to index.php.

6.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability : 6.8 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://www.exploit-db.com/exploits/18468 Exploit
http://packetstormsecurity.org/files/109507/Flyspray-0.9.9.6-Cross-Site-Request-Forgery.html Exploit
http://osvdb.org/78923
http://secunia.com/advisories/47881 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/73051
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

cpe:2.3:a:flyspray:flyspray:0.9.9.6:*:*:*:*:*:*:*
Information

Published : 2012-02-13 16:55

Updated : 2017-08-28 18:31

NVD link : CVE-2012-1058

Mitre link : CVE-2012-1058

JSON object : View

CWE
CWE-352

Cross-Site Request Forgery (CSRF)

Advertisement

dedicated server usa
Products Affected

flyspray

  • flyspray