Description

Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors.

Remediation

References

CVE-2013-1468

Related Vulnerabilities

Atlassian Jira Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-15001)

WordPress Plugin Contact Bank-Contact Form Builder for WordPress Cross-Site Scripting (3.0.30)

ZenCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4547)

Joomla! Core Directory Traversal (1.5.0 - 3.9.4)

Java Unspesificed Vulnerability (CVE-2019-2816)

Severity

High

Classification

CVE-2013-1468 CWE-352

Tags

Missing Update Known Vulnerabilities