CVE-2014-4613

Published: 16/03/2018 Updated: 09/04/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo prior to 2.6.2 allows remote malicious users to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php.

Vulnerable Product

piwigo piwigo

Exploits

# Exploit Title: piwigo 261 - CSRF
# Date: 26/02/2014
# Exploit Author: killall-9@mailcom
# Vendor Homepage: itpiwigoorg/
# Software Link: itpiwigoorg/basics/downloads
# Version: 261
# Tested on: Virtualbox debian

A CSRF problem is present in the administration panel. Here it is a POF according to a derived POST: <!DOCTY ...