Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.803340 |
Kategorie: | Web application abuses |
Titel: | Piwigo Cross Site Request Forgery and Path Traversal Vulnerabilities |
Zusammenfassung: | This host is installed with Piwigo and is prone to cross site; request forgery and path traversal vulnerabilities. |
Beschreibung: | Summary: This host is installed with Piwigo and is prone to cross site request forgery and path traversal vulnerabilities. Vulnerability Insight: - Flaw in the LocalFiles Editor plugin, it does not require multiple steps or explicit confirmation for sensitive transactions. - Input passed via 'dl' parameter to install.php is not properly sanitized before being used. Vulnerability Impact: Successful exploitation will allow remote attackers to create arbitrary PHP file or to retrieve and delete arbitrary files in the context of the affected application. Affected Software/OS: Piwigo version 2.4.6 and prior Solution: Upgrade to Piwigo version 2.4.7 CVSS Score: 7.6 CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C |
Querverweis: |
BugTraq ID: 58016 BugTraq ID: 58080 Common Vulnerability Exposure (CVE) ID: CVE-2013-1468 Bugtraq: 20130227 Multiple Vulnerabilities in Piwigo (Google Search) http://archives.neohapsis.com/archives/bugtraq/2013-02/0153.html http://www.exploit-db.com/exploits/24561 http://packetstormsecurity.com/files/120592/Piwigo-2.4.6-Cross-Site-Request-Forgery-Traversal.html https://www.htbridge.com/advisory/HTB23144 http://www.osvdb.org/90504 http://secunia.com/advisories/52228 Common Vulnerability Exposure (CVE) ID: CVE-2013-1469 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5127.php |
Copyright | Copyright (C) 2013 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |