Description

Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request.

Remediation

References

CVE-2017-10681

Related Vulnerabilities

WordPress Plugin Dropbox Folder Share Local File Inclusion (1.9.7)

WordPress Plugin Kraken.io Image Optimizer Cross-Site Request Forgery (2.6.5)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-29051)

WordPress Plugin WordPress Infinite Scroll-Ajax Load More Cross-Site Scripting (5.6.0.2)

Oracle Database Server CVE-2008-2602 Vulnerability (CVE-2008-2602)

Severity

High

Classification

CVE-2017-10681 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities