Description

An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The identification.php component is affected by this issue: the "redirect" parameter is not validated.

Remediation

References

CVE-2017-9464

Related Vulnerabilities

WordPress Plugin ZTR Zeumic Work Timer Multiple Unspecified Vulnerabilities (1.0.6)

WordPress Plugin Sunshine Photo Cart Cross-Site Request Forgery (2.8.28)

WordPress Plugin AffiliateWP Cross-Site Scripting (2.0.9)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-0864)

Ruby Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-2339)

Severity

Medium

Classification

CVE-2017-9464 CWE-601 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities