CVE-2013-1469
Published: 2013-03-13
Priority: P3 (46) · Severity: medium · CVSS 2.0: 4 (AV:N/AC:H/Au:N/C:P/I:N/A:P)
Exploit: public exploit available (see the Exploit-DB entries below)
EPSS: 56.01% (98.9th percentile)
Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter.
Affected
61 ranges indexed · showing 25 (only the first row carries version data; the remaining rows are empty and omitted here)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| piwigo | piwigo | <= 2.4.6 | 2.4.7 |
Detection & IOCs (extracted from sources)
- Monitor HTTP requests to /install.php that carry a 'dl' query parameter containing a directory traversal sequence ('../', '..\', or their percent-encoded forms); the script remains reachable without authentication after installation by default.
- Alert on requests to /install.php whose 'dl' value contains '../': this is an attempt to read, and as a side effect delete, an arbitrary file with the web server's permissions.
- The vulnerable code path prepends 'pwg_' to the user-supplied 'dl' value, so the traversal has to pass through a directory that does not exist ('pwg_/'). Exploitation is therefore platform-dependent: on Windows PHP installations (reported against PHP 5.3.x) file_exists() resolves paths through non-existing intermediate directories and the traversal works; on Linux/Unix the lookup fails at the missing 'pwg_' component and the same payload is not exploitable.
- File deletion is a side effect of exploitation: any file successfully read via the traversal is also deleted, provided the web server process is allowed to unlink it (write permission on the containing directory).
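The IOCs above, as detection logic over access-log lines. This is an added example for this page, not code from Piwigo or from any of the advisories below; the log lines are constructed sample data in Combined Log Format, and the function names are the example's own. It goes a little beyond the bullets by decoding percent-encoding (including double encoding) before looking for a '..' segment, and by not filtering on HTTP method, since PHP fills $_GET from the query string whatever the method.

```python
"""Scan web-server access logs for CVE-2013-1469 probes against install.php.

Added example (not Piwigo code, not from the advisories). Flags requests to
install.php whose 'dl' query parameter contains a directory traversal
segment once percent-encoding has been removed.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined/Common Log Format: client, timestamp, request line and status are all we need.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# A '..' segment bounded by '/', '\' or the ends of the string.
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [27/Feb/2013:10:01:02 +0000] "GET /piwigo/install.php?dl=/../../../../etc/passwd HTTP/1.1" 200 1842',
    '203.0.113.5 - - [27/Feb/2013:10:01:05 +0000] "GET /piwigo/install.php?dl=%2e%2e%2f%2e%2e%2fconfig%2fdatabase.inc.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [27/Feb/2013:10:02:00 +0000] "GET /piwigo/index.php?/category/3 HTTP/1.1" 200 9000',
    '198.51.100.7 - - [27/Feb/2013:10:02:10 +0000] "GET /piwigo/install.php?dl=mysql.inc.php HTTP/1.1" 200 300',
    '192.0.2.9 - - [27/Feb/2013:10:03:00 +0000] "GET /piwigo/install.php?dl=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 210',
    '192.0.2.9 - - [27/Feb/2013:10:03:01 +0000] "POST /piwigo/install.php HTTP/1.1" 302 0',
]


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode until the value stops changing (bounded), so that
    %252e%252e%252f is recognised as ../ just like %2e%2e%2f."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def traversal_dl_values(target: str) -> list:
    """Return the decoded 'dl' values in the request target that contain a
    traversal segment, provided the target addresses install.php (any base
    path). parse_qs already removes one level of encoding; decode_fully
    handles the rest."""
    parts = urlsplit(target)
    if parts.path.rsplit("/", 1)[-1].lower() != "install.php":
        return []
    values = parse_qs(parts.query, keep_blank_values=True).get("dl", [])
    decoded = (decode_fully(v) for v in values)
    return [v for v in decoded if TRAVERSAL_RE.search(v)]


def scan(lines) -> list:
    """One record per suspicious request: client, timestamp, HTTP status and
    the decoded traversal payload. The method is recorded but not used as a
    filter: $_GET is populated from the query string for any method."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        for dl in traversal_dl_values(m["target"]):
            hits.append({"ip": m["ip"], "ts": m["ts"], "method": m["method"],
                         "status": int(m["status"]), "dl": dl})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f'{hit["ip"]} {hit["ts"]} {hit["method"]} status={hit["status"]} dl={hit["dl"]!r}')
```

Running the module prints the three probing requests in the sample. When triaging real hits, treat a 200 with a non-empty response body as evidence that file_exists() passed and the target was served; per the IOC note above, that also means it was unlinked if the web server could write to its directory.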
No detection rules found.
Exploit-DB: Piwigo 2.7.2 - Multiple Vulnerabilities (exploitdb · 2014-12-19 · CVSS 7.6 · CVE-2014-1470 [HIGH]; cross-references CVE-2013-1469)
---
INDEPENDENT SECURITY RESEARCHER
PENETRATION TESTING SECURITY
# Exploit Title: Piwigo 2.7.2 - SQL Injection / Cross Site Scripting Vulnerabilities
# Date: 19/12/2014
# Url Vendor: http://www.piwigo.org/
# Vendor Name: Piwigo
# Version: 2.7.2
# CVE: CVE-2014-1470
# CVE References: CVE-2013-1468, CVE-2013-1469
# Author: TaurusOmar
# Twitter: @TaurusOmar_
# Email: [email protected]
# Home: overhat.blogspot.com
# Tested On: Bugtraq Optimus
# Risk: High
Description
Piwigo is a photo gallery software for the web that comes with powerful features to publish and manage your collection of pictures.
+ CROSS SITE SCRIPTING +
# Exploiting Description - Enter the XSS code in the name box of the group list.
Add Group
Name Group
YOUR GROUP NAME O POC
Canc
Exploit-DB: Piwigo 2.4.6 - Multiple Vulnerabilities (exploitdb · 2013-03-01 · CVSS 7.6 [HIGH]; note that the 7.6 score is the advisory's CSRF issue, CVE-2013-1468, while the traversal tracked on this page is scored 4.0)
---
Advisory ID: HTB23144
Product: Piwigo
Vendor: Piwigo project
Vulnerable Version(s): 2.4.6 and probably prior
Tested Version: 2.4.6
Vendor Notification: February 6, 2013
Vendor Patch: February 19, 2013
Public Disclosure: February 27, 2013
Vulnerability Type: Cross-Site Request Forgery [CWE-352], Path Traversal [CWE-22]
CVE References: CVE-2013-1468, CVE-2013-1469
Risk Level: High
CVSSv2 Base Scores: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C) for the CSRF issue (CVE-2013-1468), 4 (AV:N/AC:H/Au:N/C:P/I:N/A:P) for the path traversal (CVE-2013-1469)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
Advisory Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Piwigo, which can be exploited to perform Cro
Exploit-DB: Piwigo 2.4.6 - '/install.php' Arbitrary File Read/Delete (exploitdb · 2013-02-19 · CVE-2013-1469)
---
Piwigo 2.4.6 (install.php) Remote Arbitrary File Read/Delete Vulnerability
Vendor: Piwigo project
Product web page: http://www.piwigo.org
Affected version: 2.4.6
Summary: Piwigo is a photo gallery software for the web that comes with powerful features to publish and manage your collection of pictures.
Desc: Input passed to the 'dl' parameter in 'install.php' script is not properly sanitised before being used to get the contents of a resource or delete files. This can be exploited to read and delete arbitrary data from local resources with the permissions of the web server via directory traversal attack.
/install.php, line 113:

```php
if (!empty($_GET['dl']) && file_exists(PHPWG_ROOT_PATH.$conf['data_location'].'pwg_'.$_GET['dl']))
```
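Why the 'pwg_' prefix in that check blocks the traversal on one platform and not another, and what a safe lookup looks like, as an added example in Python. It is not Piwigo's PHP and not code from the advisory: it models the two ways a path with a non-existent intermediate directory can be resolved (lexical collapsing of '..', as Windows does, versus component-by-component lookup, as POSIX does), mirrors the exact string concatenation from the line above, and adds a hardened replacement. The directory layout, file contents and the helper names are constructed for the demo; POSIX-style '/' separators are assumed.

```python
"""'pwg_' + dl under two path-resolution models, plus a hardened lookup.

Added example (Python, not Piwigo's PHP, not from the advisory).
install.php builds  <root><data_location>pwg_<dl>  and hands it to
file_exists(); the file is then served and unlinked. With
dl = "/../../../etc/passwd" the string is  .../_data/pwg_/../../../etc/passwd
where 'pwg_' is a directory that does not exist. Whether that names a real
file depends on how the path is resolved:
  * lexically (Win32 canonicalisation, modelled with os.path.normpath):
    'pwg_/..' cancels out before the disk is consulted, so the traversal reaches /etc/passwd;
  * component by component (POSIX lookup, modelled by strict_exists):
    resolution fails at the missing 'pwg_', so file_exists() is false.
safe_data_file() is safe under both models. Paths use '/' separators (assumption).
"""
import os
import tempfile
from pathlib import Path
from typing import Optional


def lexical_exists(path: str) -> bool:
    """Windows-like: collapse '.' and '..' textually, then test the result."""
    return os.path.exists(os.path.normpath(path))


def strict_exists(path: str) -> bool:
    """POSIX-like: walk the components as written; every component before
    the last must be an existing directory, so '..' cannot step out of a
    directory that was never there."""
    head = "/" if path.startswith("/") else ""
    parts = [p for p in path.split("/") if p not in ("", ".")]
    for i, part in enumerate(parts):
        head = os.path.join(head, part)
        if i < len(parts) - 1 and not os.path.isdir(head):
            return False          # ENOENT at an intermediate component
    return os.path.exists(head) if parts else False


def safe_data_file(data_dir: str, dl: str) -> Optional[str]:
    """Hardened lookup (hypothetical replacement for the check in install.php):
    accept only a bare file name, then confirm the resolved path is still
    inside data_dir. Returns the absolute path of an existing regular file, or None."""
    if not dl or "\x00" in dl or any(sep in dl for sep in "/\\"):
        return None
    base = os.path.realpath(data_dir)
    candidate = os.path.realpath(os.path.join(base, "pwg_" + dl))
    if os.path.commonpath([base, candidate]) != base:   # a symlink escaped the tree
        return None
    return candidate if os.path.isfile(candidate) else None


def demo() -> dict:
    """Lay out a throwaway tree (constructed sample data):
        <tmp>/etc/passwd
        <tmp>/www/_data/pwg_list.txt   (a file install.php might legitimately serve)
    and evaluate the attacker's dl under each model plus the hardened lookup."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "etc").mkdir()
        Path(tmp, "etc", "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        data_dir = os.path.join(tmp, "www", "_data")
        os.makedirs(data_dir)
        Path(data_dir, "pwg_list.txt").write_text("sample export\n")

        attack = "/../../../etc/passwd"              # $_GET['dl'] chosen by the attacker
        vulnerable = data_dir + "/pwg_" + attack     # the concatenation install.php performs
        legit = safe_data_file(data_dir, "list.txt")
        return {
            "vulnerable_string": vulnerable,
            "windows_like_exists": lexical_exists(vulnerable),    # traversal resolves
            "posix_like_exists": strict_exists(vulnerable),       # stops at missing pwg_
            "hardened_attack": safe_data_file(data_dir, attack),  # rejected
            "hardened_legit": os.path.basename(legit) if legit else None,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The hardened variant rejects anything with a separator or NUL before touching the filesystem, and still checks the realpath result against the data directory so a symlink planted inside it cannot widen the read; both checks are needed because the lexical model shows that a prefix alone is no containment.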
No writeups or analysis indexed.
References
- http://archives.neohapsis.com/archives/bugtraq/2013-02/0153.html
- http://packetstormsecurity.com/files/120592/Piwigo-2.4.6-Cross-Site-Request-Forgery-Traversal.html
- http://piwigo.org/bugs/view.php?id=0002843
- http://piwigo.org/forum/viewtopic.php?id=21470
- http://piwigo.org/releases/2.4.7
- http://www.exploit-db.com/exploits/24561
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5127.php
- https://www.htbridge.com/advisory/HTB23144