Piwigo Cross-Site Request Forgery Vulnerability
BID:58080
Info
Piwigo Cross-Site Request Forgery Vulnerability
| Bugtraq ID: | 58080 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 19 2013 12:00AM |
| Updated: | Feb 19 2013 12:00AM |
| Credit: | High-Tech Bridge SA |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Piwigo Cross-Site Request Forgery Vulnerability
Piwigo is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible.
Versions prior to Piwigo 2.4.7 are vulnerable.
Piwigo is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible.
Versions prior to Piwigo 2.4.7 are vulnerable.
Exploit / POC
Piwigo Cross-Site Request Forgery Vulnerability
To exploit this issue, an attacker must entice an unsuspecting victim to follow a malicious URI.
To exploit this issue, an attacker must entice an unsuspecting victim to follow a malicious URI.
Solution / Fix
Piwigo Cross-Site Request Forgery Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.