Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the (1) pwg.groups.addUser, (2) pwg.groups.deleteUser, (3) pwg.groups.setInfo, (4) pwg.users.setInfo, (5) pwg.permissions.add, or (6) pwg.permissions.remove method.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2011-0804 Vulnerability (CVE-2011-0804)
Ruby Numeric Errors Vulnerability (CVE-2008-2726)
WordPress Plugin Facebook Members Cross-Site Scripting (7.0)
WordPress Plugin NextScripts:Social Networks Auto-Poster Security Bypass (4.3.17)
WordPress Plugin Oi Yandex.Maps for WordPress Cross-Site Scripting (3.2.7)