Vulnerability CVE-2013-1468


Published: 2013-03-13   Modified: 2013-03-15

Description:
Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors.

See advisories in our WLB2 database:
Risk: Med.
Topic: Piwigo 2.4.6 Cross Site Request Forgery / Traversal Vulnerabilities
Author: High-Tech Bridge...
Date: 01.03.2013

Type: CWE-352 (Cross-Site Request Forgery (CSRF))

CVSS2 => (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVSS Base Score: 7.6/10
Impact Subscore: 10/10
Exploitability Subscore: 4.9/10

Exploit range: Remote
Attack complexity: High
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software: Piwigo -> Piwigo

References:
https://www.htbridge.com/advisory/HTB23144
http://www.osvdb.org/90504
http://www.exploit-db.com/exploits/24561
http://secunia.com/advisories/52228
http://piwigo.org/releases/2.4.7
http://piwigo.org/forum/viewtopic.php?id=21470
http://piwigo.org/bugs/view.php?id=0002844
http://packetstormsecurity.com/files/120592/Piwigo-2.4.6-Cross-Site-Request-Forgery-Traversal.html
http://archives.neohapsis.com/archives/bugtraq/2013-02/0153.html

Copyright 2024, cxsecurity.com

 
