CVE-2013-1469

critical

Description

Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter.

References

http://piwigo.org/releases/2.4.7

http://piwigo.org/forum/viewtopic.php?id=21470

http://piwigo.org/bugs/view.php?id=0002843

Details

Source: Mitre, NVD

Published: 2013-03-13

Updated: 2013-03-19

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

Detections

Analytics