CVE-2013-1469
published 2013-03-13

Priority: P3 46 medium 4 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:H/Au:N/C:P/I:N/A:P
EXPLOIT
EPSS: 56.01% (98.9th percentile)
Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter.

Affected

61 ranges (showing 25)

Vendor | Product | Version range | Fixed in
piwigo | piwigo  | <= 2.4.6      | 2.4.7 (per the description: "before 2.4.7")

Detection & IOCs (extracted from sources)

path: /install.php
url: http://localhost/piwigo/install.php?dl=../../../../../../lio_passwords.txt
url: http://piwigo/install.php?dl=/../../local/config/database.inc.php
path: /local/config/database.inc.php
  • Monitor HTTP GET requests to /install.php containing a 'dl' parameter with directory traversal sequences (e.g., '../' or '..'); the script remains accessible without authentication after installation by default.
  • Alert on GET requests to /install.php where the 'dl' parameter value contains '../' sequences, indicating a path traversal attempt to read or delete arbitrary files.
  • The vulnerable code path prepends 'pwg_' to the user-supplied 'dl' value; on Windows PHP installations, file_exists() resolves paths through non-existing intermediate directories (e.g., 'pwg_/'), making traversal viable specifically on Windows/PHP 5.3.x environments.
  • Exploitation is platform-dependent: the path traversal via the 'pwg_' prefix bypass only works on Windows PHP installations where file_exists() resolves paths through non-existing intermediate directories. Linux/Unix systems are not affected in the same way.
  • File deletion occurs as a side effect of exploitation: any file successfully read via the traversal is also deleted if the web server process has write permissions to it.