Описание
Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php.
Ссылки
- Broken Link
- ExploitThird Party AdvisoryVDB Entry
- Issue TrackingVendor Advisory
- Release Notes
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Broken Link
- ExploitThird Party AdvisoryVDB Entry
- Issue TrackingVendor Advisory
- Release Notes
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
EPSS
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php.
Cross-site request forgery (CSRF) vulnerability in the administration ...
Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php.
EPSS
6.5 Medium
CVSS3
4.3 Medium
CVSS2