Описание
admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter).
Ссылки
- Third Party AdvisoryVDB Entry
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.8.3 (включая)
cpe:2.3:a:piwigo:piwigo:*:*:*:*:*:*:*:*
EPSS
Процентиль: 83%
0.02052
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-284
Связанные уязвимости
CVSS3: 7.2
ubuntu
около 9 лет назад
admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter).
CVSS3: 7.2
debian
около 9 лет назад
admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenti ...
CVSS3: 7.2
github
больше 3 лет назад
admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter).
EPSS
Процентиль: 83%
0.02052
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-284