Description

An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The identification.php component is affected by this issue: the "redirect" parameter is not validated.

Remediation

References

CVE-2017-9464

Related Vulnerabilities

WordPress Plugin Brizy-Page Builder Security Bypass (2.4.44)

WordPress Plugin Edwiser Bridge-WordPress Moodle LMS Integration Unspecified Vulnerability (2.0.7)

WordPress Plugin Paid Membership, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content-ProfilePress Cross-Site Scripting (3.1.10)

Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2024-23327)

WordPress 3.7.1 Multiple Vulnerabilities (3.7 - 3.7.1)

Severity

Medium

Classification

CVE-2017-9464 CWE-601 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities