Description
An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The identification.php component is affected by this issue: the "redirect" parameter is not validated.
References
- Issue Tracking, Patch, Third Party Advisory
- Issue Tracking, Third Party Advisory
- Issue Tracking, Patch, Third Party Advisory
- Issue Tracking, Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to and including 2.9.0
cpe:2.3:a:piwigo:piwigo:*:*:*:*:*:*:*:*
EPSS: 0.00192 (percentile: 41%, Low)
CVSS3: 6.1 Medium
CVSS2: 5.8 Medium
Weaknesses
CWE-601
Related vulnerabilities
CVSS3: 6.1
debian
more than 8 years ago
An open redirect vulnerability is present in Piwigo 2.9 and probably p ...
CVSS3: 6.1
github
more than 3 years ago
An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The identification.php component is affected by this issue: the "redirect" parameter is not validated.