Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the (1) pwg.groups.addUser, (2) pwg.groups.deleteUser, (3) pwg.groups.setInfo, (4) pwg.users.setInfo, (5) pwg.permissions.add, or (6) pwg.permissions.remove method.
Remediation
References