Description

Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors.

Remediation

References

CVE-2013-1468

Related Vulnerabilities

WordPress Plugin Comment Highlighter SQL Injection (0.13)

MySQL CVE-2022-21600 Vulnerability (CVE-2022-21600)

WordPress Plugin Simple Video Embedder Cross-Site Scripting (2.2)

WordPress Plugin Formidable Forms-Contact Form, Survey, Quiz, Calculator & Custom Form Builder Information Disclosure (2.0.07)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8628)

Severity

High

Classification

CVE-2013-1468 CWE-352

Tags

Missing Update Known Vulnerabilities