Description

Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions.

Remediation

References

CVE-2017-17827

Related Vulnerabilities

Roundcube Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-44026)

Oracle Database Server CVE-2016-0467 Vulnerability (CVE-2016-0467)

WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker Multiple Vulnerabilities (7.3.10)

WordPress Plugin Nofollow for external link Multiple Unspecified Vulnerabilities (1.1.2)

WordPress Plugin Social Discussions Remote File Include and Information Disclosure Vulnerabilities (6.1.1)

Severity

High

Classification

CVE-2017-17827 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities