CVE-2013-1468

Published: 14/03/2013 Updated: 03/10/2013
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
VMScore: 765
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Summary

Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo prior to 2.4.7 allows remote malicious users to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors.

Vulnerable Products

piwigo piwigo 1.0.0

piwigo piwigo 1.0.1

piwigo piwigo 1.0.2

piwigo piwigo 1.1.0

piwigo piwigo 1.2.0

piwigo piwigo 1.2.1

piwigo piwigo 1.3.0

piwigo piwigo 1.3.1

piwigo piwigo 1.3.2

piwigo piwigo 1.3.3

piwigo piwigo 1.3.4

piwigo piwigo 1.4.0

piwigo piwigo 1.4.1

piwigo piwigo 1.5.0

piwigo piwigo 1.5.1

piwigo piwigo 1.5.2

piwigo piwigo 1.6.0

piwigo piwigo 1.6.1

piwigo piwigo 1.6.2

piwigo piwigo 1.7.0

piwigo piwigo 1.7.1

piwigo piwigo 1.7.2

piwigo piwigo 1.7.3

piwigo piwigo 2.0

piwigo piwigo 2.0.0

piwigo piwigo 2.0.1

piwigo piwigo 2.0.2

piwigo piwigo 2.0.3

piwigo piwigo 2.0.4

piwigo piwigo 2.0.5

piwigo piwigo 2.0.6

piwigo piwigo 2.0.7

piwigo piwigo 2.0.8

piwigo piwigo 2.0.9

piwigo piwigo 2.0.10

piwigo piwigo 2.1.0

piwigo piwigo 2.1.1

piwigo piwigo 2.1.2

piwigo piwigo 2.1.3

piwigo piwigo 2.1.4

piwigo piwigo 2.1.5

piwigo piwigo 2.1.6

piwigo piwigo 2.2.0

piwigo piwigo 2.2.1

piwigo piwigo 2.2.2

piwigo piwigo 2.2.3

piwigo piwigo 2.2.4

piwigo piwigo 2.2.5

piwigo piwigo 2.3.0

piwigo piwigo 2.3.1

piwigo piwigo 2.3.2

piwigo piwigo 2.3.3

piwigo piwigo 2.3.4

piwigo piwigo 2.3.5

piwigo piwigo 2.4.0

piwigo piwigo 2.4.1

piwigo piwigo 2.4.2

piwigo piwigo 2.4.3

piwigo piwigo 2.4.4

piwigo piwigo 2.4.5

piwigo piwigo

Exploits

Advisory ID: HTB23144
Product: Piwigo
Vendor: Piwigo project
Vulnerable Version(s): 246 and probably prior
Tested Version: 246
Vendor Notification: February 6, 2013
Vendor Patch: February 19, 2013
Public Disclosure: February 27, 2013
Vulnerability Type: Cross-Site Request Forgery [CWE-352], Path Traversal [CWE-22]
CVE References: CVE-2013-14 ...

Mailing Lists

Piwigo version 245 suffers from cross site request forgery and path traversal vulnerabilities ...
Piwigo version 272 suffers from cross site scripting and remote SQL injection vulnerabilities ...