Description
In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. This protection mechanism can be bypassed with another user's valid token. Thus, an attacker can change the Admin password by using a CSRF attack and escalate his/her privileges.
Remediation
References
Related Vulnerabilities
WordPress Plugin MegaOptim Image Optimizer Unspecified Vulnerability (1.3.2)
MySQL CVE-2012-1696 Vulnerability (CVE-2012-1696)
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.5.78)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4554)
WordPress Plugin Easy Coming Soon Cross-Site Scripting (1.6.2)