Description

Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors.

Remediation

References

CVE-2013-1468

Related Vulnerabilities

WordPress Plugin GDPR CCPA Compliance Support PHP Object Injection (2.3)

WordPress Plugin User Registration-Custom Registration Form, Login Form And User Profile Arbitrary File Upload (2.2.4)

Apache 2.x version older than 2.2.8

Jetty Weak Authentication Vulnerability (CVE-2023-41900)

ownCloud Improper Input Validation Vulnerability (CVE-2012-5336)

Severity

High

Classification

CVE-2013-1468 CWE-352

Tags

Missing Update Known Vulnerabilities