Unrated severityNVD Advisory· Published Nov 17, 2012· Updated Jun 16, 2026
CVE-2012-5891
CVE-2012-5891
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an add action, (2) change user passwords via a change action, or (3) delete a user via a delete action.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
25cpe:2.3:a:dalbum:dalbum:1.03:*:*:*:*:*:*:*+ 24 more
- cpe:2.3:a:dalbum:dalbum:1.03:*:*:*:*:*:*:*
- cpe:2.3:a:dalbum:dalbum:1.04:*:*:*:*:*:*:*
- cpe:2.3:a:dalbum:dalbum:1.05:*:*:*:*:*:*:*
- cpe:2.3:a:dalbum:dalbum:1.06:*:*:*:*:*:*:*
- cpe:2.3:a:dalbum:dalbum:1.07:*:*:*:*:*:*:*
- cpe:2.3:a:dalbum:dalbum:1.08:*:*:*:*:*:*:*
- cpe:2.3:a:dalbum:dalbum:1.09:*:*:*:*:*:*:*
- cpe:2.3:a:dalbum:dalbum:1.10:*:*:*:*:*:*:*
- cpe:2.3:a:dalbum:dalbum:1.20:*:*:*:*:*:*:*
- cpe:2.3:a:dalbum:dalbum:1.21:*:*:*:*:*:*:*
- cpe:2.3:a:dalbum:dalbum:1.22:*:*:*:*:*:*:*
- cpe:2.3:a:dalbum:dalbum:1.22:sp2:*:*:*:*:*:*
- cpe:2.3:a:dalbum:dalbum:1.22:sp3:*:*:*:*:*:*
- cpe:2.3:a:dalbum:dalbum:1.22:sp4:*:*:*:*:*:*
- cpe:2.3:a:dalbum:dalbum:1.22:sp5:*:*:*:*:*:*
- cpe:2.3:a:dalbum:dalbum:1.22:sp6:*:*:*:*:*:*
- cpe:2.3:a:dalbum:dalbum:1.22:sp7:*:*:*:*:*:*
- cpe:2.3:a:dalbum:dalbum:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:dalbum:dalbum:1.31:*:*:*:*:*:*:*
- cpe:2.3:a:dalbum:dalbum:1.32:*:*:*:*:*:*:*
- cpe:2.3:a:dalbum:dalbum:1.33:*:*:*:*:*:*:*
- cpe:2.3:a:dalbum:dalbum:1.34:*:*:*:*:*:*:*
- cpe:2.3:a:dalbum:dalbum:1.35:*:*:*:*:*:*:*
- cpe:2.3:a:dalbum:dalbum:*:174:*:*:*:*:*:*range: <=1.44
- (no CPE)range: <=1.44 build 174
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.