Description

url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring.

Remediation

References

CVE-2016-10514

Related Vulnerabilities

WordPress Plugin Comprehensive Google Map Cross-Site Request Forgery (9.1.3)

SharePoint CVE-2020-17121 Vulnerability (CVE-2020-17121)

WeBid Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-47397)

MySQL CVE-2024-21244 Vulnerability (CVE-2024-21244)

WordPress Plugin KN Fix Your Title Cross-Site Scripting (1.0.1)

Severity

Medium

Classification

CVE-2016-10514 CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities