CVE-2012-1220 Information

Description

Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that change account information via an update action, as demonstrated by changing the password.

Reference

http://secunia.com/advisories/47947
http://www.exploit-db.com/exploits/18464
https://exchange.xforce.ibmcloud.com/vulnerabilities/72991
