CVE-2013-1468

Description

Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors.

References

http://www.osvdb.org/90504

http://secunia.com/advisories/52228

http://piwigo.org/releases/2.4.7

http://piwigo.org/forum/viewtopic.php?id=21470

http://piwigo.org/bugs/view.php?id=0002844

http://archives.neohapsis.com/archives/bugtraq/2013-02/0153.html

Details

Source: Mitre, NVD

Published: 2013-03-14

Updated: 2013-10-03

Risk Information

CVSS v2

Base Score: 7.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High