CVE-2012-5891

Name of the Vulnerable Software and Affected Versions DAlbum versions 1.44 build 174 and earlier

Description The issue affects the photo/pass.php file, allowing remote attackers to exploit multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities enable attackers to hijack the authentication of administrators for specific requests, including adding a user via an add action, changing user passwords via a change action, or deleting a user via a delete action.

Recommendations For DAlbum versions 1.44 build 174 and earlier, as a temporary workaround, consider disabling the add, change, and delete actions in the photo/pass.php file until a patch is available. Restrict access to the photo/pass.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.