CVE-2013-1469

Published: 13/03/2013 Updated: 19/03/2013
CVSS v2 Base Score: 4 | Impact Score: 4.9 | Exploitability Score: 4.9
VMScore: 410
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:P

Vulnerability Summary

Directory traversal vulnerability in install.php in Piwigo prior to 2.4.7 allows remote malicious users to read and delete arbitrary files via a .. (dot dot) in the dl parameter.

Vulnerable Product

piwigo piwigo 1.0.0

piwigo piwigo 1.0.1

piwigo piwigo 1.0.2

piwigo piwigo 1.1.0

piwigo piwigo 1.2.0

piwigo piwigo 1.2.1

piwigo piwigo 1.3.0

piwigo piwigo 1.3.1

piwigo piwigo 1.3.2

piwigo piwigo 1.3.3

piwigo piwigo 1.3.4

piwigo piwigo 1.4.0

piwigo piwigo 1.4.1

piwigo piwigo 1.5.0

piwigo piwigo 1.5.1

piwigo piwigo 1.5.2

piwigo piwigo 1.6.0

piwigo piwigo 1.6.1

piwigo piwigo 1.6.2

piwigo piwigo 1.7.0

piwigo piwigo 1.7.1

piwigo piwigo 1.7.2

piwigo piwigo 1.7.3

piwigo piwigo 2.0

piwigo piwigo 2.0.0

piwigo piwigo 2.0.1

piwigo piwigo 2.0.2

piwigo piwigo 2.0.3

piwigo piwigo 2.0.4

piwigo piwigo 2.0.5

piwigo piwigo 2.0.6

piwigo piwigo 2.0.7

piwigo piwigo 2.0.8

piwigo piwigo 2.0.9

piwigo piwigo 2.0.10

piwigo piwigo 2.1.0

piwigo piwigo 2.1.1

piwigo piwigo 2.1.2

piwigo piwigo 2.1.3

piwigo piwigo 2.1.4

piwigo piwigo 2.1.5

piwigo piwigo 2.1.6

piwigo piwigo 2.2.0

piwigo piwigo 2.2.1

piwigo piwigo 2.2.2

piwigo piwigo 2.2.3

piwigo piwigo 2.2.4

piwigo piwigo 2.2.5

piwigo piwigo 2.3.0

piwigo piwigo 2.3.1

piwigo piwigo 2.3.2

piwigo piwigo 2.3.3

piwigo piwigo 2.3.4

piwigo piwigo 2.3.5

piwigo piwigo 2.4.0

piwigo piwigo 2.4.1

piwigo piwigo 2.4.2

piwigo piwigo 2.4.3

piwigo piwigo 2.4.4

piwigo piwigo 2.4.5

piwigo piwigo

Exploits

Piwigo 2.4.6 (install.php) Remote Arbitrary File Read/Delete Vulnerability. Vendor: Piwigo project. Product web page: www.piwigo.org. Affected version: 2.4.6. Summary: Piwigo is a photo gallery software for the web that comes with powerful features to publish and manage your collection of pictures. Desc: Input passed to the 'dl' parameter in ...
Advisory ID: HTB23144. Product: Piwigo. Vendor: Piwigo project. Vulnerable Version(s): 2.4.6 and probably prior. Tested Version: 2.4.6. Vendor Notification: February 6, 2013. Vendor Patch: February 19, 2013. Public Disclosure: February 27, 2013. Vulnerability Type: Cross-Site Request Forgery [CWE-352], Path Traversal [CWE-22]. CVE References: CVE-2013-14 ...

Mailing Lists

Piwigo version 2.4.5 suffers from cross site request forgery and path traversal vulnerabilities ...
Piwigo version 2.7.2 suffers from cross site scripting and remote SQL injection vulnerabilities ...