Test Kennung:	1.3.6.1.4.1.25623.1.0.803340
Kategorie:	Web application abuses
Titel:	Piwigo Cross Site Request Forgery and Path Traversal Vulnerabilities
Zusammenfassung:	This host is installed with Piwigo and is prone to cross site; request forgery and path traversal vulnerabilities.
Beschreibung:	Summary: This host is installed with Piwigo and is prone to cross site request forgery and path traversal vulnerabilities. Vulnerability Insight: - Flaw in the LocalFiles Editor plugin, it does not require multiple steps or explicit confirmation for sensitive transactions. - Input passed via 'dl' parameter to install.php is not properly sanitized before being used. Vulnerability Impact: Successful exploitation will allow remote attackers to create arbitrary PHP file or to retrieve and delete arbitrary files in the context of the affected application. Affected Software/OS: Piwigo version 2.4.6 and prior Solution: Upgrade to Piwigo version 2.4.7 CVSS Score: 7.6 CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Querverweis:	BugTraq ID: 58016 BugTraq ID: 58080 Common Vulnerability Exposure (CVE) ID: CVE-2013-1468 Bugtraq: 20130227 Multiple Vulnerabilities in Piwigo (Google Search) http://archives.neohapsis.com/archives/bugtraq/2013-02/0153.html http://www.exploit-db.com/exploits/24561 http://packetstormsecurity.com/files/120592/Piwigo-2.4.6-Cross-Site-Request-Forgery-Traversal.html https://www.htbridge.com/advisory/HTB23144 http://www.osvdb.org/90504 http://secunia.com/advisories/52228 Common Vulnerability Exposure (CVE) ID: CVE-2013-1469 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5127.php
Copyright	Copyright (C) 2013 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.