CVE-2013-1469

Published: 13/03/2013 Updated: 19/03/2013
CVSS v2 Base Score: 4 | Impact Score: 4.9 | Exploitability Score: 4.9
VMScore: 410
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:P

Vulnerability Summary

Directory traversal vulnerability in install.php in Piwigo prior to 2.4.7 allows remote malicious users to read and delete arbitrary files via a .. (dot dot) in the dl parameter.

Vulnerable Products

piwigo piwigo 2.2.4
piwigo piwigo 2.2.3
piwigo piwigo 2.2.2
piwigo piwigo 2.2.1
piwigo piwigo 2.0.2
piwigo piwigo 2.0.3
piwigo piwigo 2.0.0
piwigo piwigo 2.0.1
piwigo piwigo 1.2.0
piwigo piwigo 1.3.1
piwigo piwigo 1.3.0
piwigo piwigo 1.6.2
piwigo piwigo 1.7.0
piwigo piwigo 2.4.0
piwigo piwigo 2.3.5
piwigo piwigo 2.3.4
piwigo piwigo 2.3.3
piwigo piwigo 2.1.3
piwigo piwigo 2.1.2
piwigo piwigo 2.1.1
piwigo piwigo 2.1.0
piwigo piwigo 1.0.0
piwigo piwigo 1.1.0
piwigo piwigo 1.0.2
piwigo piwigo 1.3.3
piwigo piwigo 1.4.1
piwigo piwigo 1.5.0
piwigo piwigo 1.7.3
piwigo piwigo 1.7.1
piwigo piwigo 2.4.4
piwigo piwigo 2.4.2
piwigo piwigo 2.3.1
piwigo piwigo 2.2.5
piwigo piwigo 2.2.0
piwigo piwigo 2.1.5
piwigo piwigo 2.0.9
piwigo piwigo 2.0.5
piwigo piwigo 2.0.8
piwigo piwigo 1.0.1
piwigo piwigo 1.3.2
piwigo piwigo 1.3.4
piwigo piwigo 1.6.0
piwigo piwigo 1.5.1
piwigo piwigo
piwigo piwigo 2.4.5
piwigo piwigo 2.4.3
piwigo piwigo 2.4.1
piwigo piwigo 2.3.2
piwigo piwigo 2.3.0
piwigo piwigo 2.1.6
piwigo piwigo 2.1.4
piwigo piwigo 2.0.10
piwigo piwigo 2.0.4
piwigo piwigo 2.0
piwigo piwigo 2.0.7
piwigo piwigo 2.0.6
piwigo piwigo 1.4.0
piwigo piwigo 1.2.1
piwigo piwigo 1.6.1
piwigo piwigo 1.5.2
piwigo piwigo 1.7.2

Exploits

Advisory ID: HTB23144 Product: Piwigo Vendor: Piwigo project Vulnerable Version(s): 2.4.6 and probably prior Tested Version: 2.4.6 Vendor Notification: February 6, 2013 Vendor Patch: February 19, 2013 Public Disclosure: February 27, 2013 Vulnerability Type: Cross-Site Request Forgery [CWE-352], Path Traversal [CWE-22] CVE References: CVE-2013-14 ...
Piwigo 2.4.6 (install.php) Remote Arbitrary File Read/Delete Vulnerability Vendor: Piwigo project Product web page: www.piwigo.org Affected version: 2.4.6 Summary: Piwigo is a photo gallery software for the web that comes with powerful features to publish and manage your collection of pictures. Desc: Input passed to the 'dl' parameter in ...
Piwigo version 2.7.2 suffers from cross site scripting and remote SQL injection vulnerabilities ...
Piwigo version 2.4.5 suffers from cross site request forgery and path traversal vulnerabilities ...