CVE-2012-0990 - Vulnerability Details - OpenCVE

Cross-site request forgery (CSRF) vulnerability in admin/settings/update in DClassifieds 0.1 final allows remote attackers to hijack the authentication of administrators for requests that modify account settings such as the administrator password or email via certain Settings[] parameters.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dclassifieds	Dclassifieds

Configuration 1 [-]

cpe:2.3:a:dclassifieds:dclassifieds:0.1:final:*:*:*:*:*:*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2012-01/0158.html
http://secunia.com/advisories/47691
http://sourceforge.net/projects/dclassifieds/files/csrf_fix_120105.rar/download
http://www.osvdb.org/78557
http://www.securityfocus.com/bid/51671
https://exchange.xforce.ibmcloud.com/vulnerabilities/72733
https://www.htbridge.ch/advisory/HTB23067

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-02-07T21:00:00

Updated: 2024-08-06T18:45:26.718Z

Reserved: 2012-02-02T00:00:00

Link: CVE-2012-0990

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-02-07T21:55:02.390

Modified: 2024-11-21T01:36:06.043

Link: CVE-2012-0990

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-01-25T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in admin/settings/update in DClassifieds 0.1 final allows remote attackers to hijack the authentication of administrators for requests that modify account settings such as the administrator password or email via certain Settings[] parameters."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/projects/dclassifieds/files/csrf_fix_120105.rar/download"}, {"name": "47691", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47691"}, {"tags": ["x_refsource_MISC"], "url": "https://www.htbridge.ch/advisory/HTB23067"}, {"name": "78557", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/78557"}, {"name": "51671", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/51671"}, {"name": "dclassifieds-settings-csrf(72733)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72733"}, {"name": "20120125 CSRF (Cross-Site Request Forgery) in DClassifieds", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0158.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-0990", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in admin/settings/update in DClassifieds 0.1 final allows remote attackers to hijack the authentication of administrators for requests that modify account settings such as the administrator password or email via certain Settings[] parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://sourceforge.net/projects/dclassifieds/files/csrf_fix_120105.rar/download", "refsource": "CONFIRM", "url": "http://sourceforge.net/projects/dclassifieds/files/csrf_fix_120105.rar/download"}, {"name": "47691", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47691"}, {"name": "https://www.htbridge.ch/advisory/HTB23067", "refsource": "MISC", "url": "https://www.htbridge.ch/advisory/HTB23067"}, {"name": "78557", "refsource": "OSVDB", "url": "http://www.osvdb.org/78557"}, {"name": "51671", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51671"}, {"name": "dclassifieds-settings-csrf(72733)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72733"}, {"name": "20120125 CSRF (Cross-Site Request Forgery) in DClassifieds", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0158.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:45:26.718Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/projects/dclassifieds/files/csrf_fix_120105.rar/download"}, {"name": "47691", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/47691"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.htbridge.ch/advisory/HTB23067"}, {"name": "78557", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/78557"}, {"name": "51671", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/51671"}, {"name": "dclassifieds-settings-csrf(72733)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72733"}, {"name": "20120125 CSRF (Cross-Site Request Forgery) in DClassifieds", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0158.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-0990", "datePublished": "2012-02-07T21:00:00", "dateReserved": "2012-02-02T00:00:00", "dateUpdated": "2024-08-06T18:45:26.718Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dclassifieds:dclassifieds:0.1:final:*:*:*:*:*:*", "matchCriteriaId": "38CD4342-DE85-4495-B315-1C38E851D5F4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in admin/settings/update in DClassifieds 0.1 final allows remote attackers to hijack the authentication of administrators for requests that modify account settings such as the administrator password or email via certain Settings[] parameters."}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en admin/settings/update en DClassifieds v0.1 final, permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para peticiones que modifican las propiedades de la cuenta como la contrase\u00f1a o el email del administrador a trav\u00e9s de algunos par\u00e1metros Settings[]"}], "id": "CVE-2012-0990", "lastModified": "2024-11-21T01:36:06.043", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-02-07T21:55:02.390", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0158.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47691"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://sourceforge.net/projects/dclassifieds/files/csrf_fix_120105.rar/download"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/78557"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/51671"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72733"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://www.htbridge.ch/advisory/HTB23067"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0158.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47691"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://sourceforge.net/projects/dclassifieds/files/csrf_fix_120105.rar/download"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/78557"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/51671"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72733"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://www.htbridge.ch/advisory/HTB23067"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}