Description
admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence.
References
- Issue Tracking, Patch
- Issue Tracking, Patch
- Issue Tracking, Patch, Third Party Advisory
- Issue Tracking, Patch
- Issue Tracking, Patch
- Issue Tracking, Patch, Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to and including 2.8.3
cpe:2.3:a:piwigo:piwigo:*:*:*:*:*:*:*:*
EPSS: 0.00806 (Low), percentile: 74%
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-200
Related vulnerabilities
CVSS3: 9.8
ubuntu
about 9 years ago
admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence.
CVSS3: 9.8
debian
about 9 years ago
admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections ...
CVSS3: 9.8
github
more than 3 years ago
admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence.