Description
Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php.
Remediation
References