CVE-2013-1468
Published 2013-03-14
Priority: P347, high. CVSS 2.0 base score 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C).
Exploit: EPSS 5.73% (92.1st percentile).
Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors.
Affected
61 ranges, showing 25 (only the first entry carries a version range; the rest are empty placeholders).
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| piwigo | piwigo | <= 2.4.6 | — |
No detection rules found.
Exploit-DB: Piwigo 2.7.2 - Multiple Vulnerabilities (exploitdb, 2014-12-19, CVSS 7.6, CVE-2014-1470 [HIGH])
---
INDEPENDENT SECURITY RESEARCHER
PENETRATION TESTING SECURITY
# Exploit Title: Piwigo 2.7.2 - SQL Injection / Cross Site Scripting Vulnerabilities
# Date: 19/12/2014
# Url Vendor: http://www.piwigo.org/
# Vendor Name: Piwigo
# Version: 2.7.2
# CVE: CVE-2014-1470
# CVE References: CVE-2013-1468, CVE-2013-1469
# Author: TaurusOmar
# Twitter: @TaurusOmar_
# Email: [email protected]
# Home: overhat.blogspot.com
# Tested On: Bugtraq Optimus
# Risk: High
Description
Piwigo is a photo gallery software for the web that comes with powerful features to publish and manage your collection of pictures.
+ CROSS SITE SCRIPTING +
# Exploiting Description - Insert XSS code into the group list box.
Add Group
Name Group
YOUR GROUP NAME O POC
Canc
Exploit-DB: Piwigo 2.4.6 - Multiple Vulnerabilities (exploitdb, 2013-03-01, CVSS 7.6, CVE-2013-1469 [HIGH])
---
Advisory ID: HTB23144
Product: Piwigo
Vendor: Piwigo project
Vulnerable Version(s): 2.4.6 and probably prior
Tested Version: 2.4.6
Vendor Notification: February 6, 2013
Vendor Patch: February 19, 2013
Public Disclosure: February 27, 2013
Vulnerability Type: Cross-Site Request Forgery [CWE-352], Path Traversal [CWE-22]
CVE References: CVE-2013-1468, CVE-2013-1469
Risk Level: High
CVSSv2 Base Scores: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C), 4 (AV:N/AC:H/Au:N/C:P/I:N/A:P)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
Advisory Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Piwigo, which can be exploited to perform Сro
No writeups or analysis indexed.
References:
- http://archives.neohapsis.com/archives/bugtraq/2013-02/0153.html
- http://packetstormsecurity.com/files/120592/Piwigo-2.4.6-Cross-Site-Request-Forgery-Traversal.html
- http://piwigo.org/bugs/view.php?id=0002844
- http://piwigo.org/forum/viewtopic.php?id=21470
- http://piwigo.org/releases/2.4.7
- http://secunia.com/advisories/52228
- http://www.exploit-db.com/exploits/24561
- http://www.osvdb.org/90504
- https://www.htbridge.com/advisory/HTB23144