exploitDog

bind:CVE-2024-26450

Count: 3


| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2024-26450 (NVD): An issue exists within Piwigo before v.14.2.0 allowing a malicious user to take over the application. This exploit involves chaining a Cross Site Request Forgery vulnerability to issue a Stored Cross Site Scripting payload stored within an Admin user's dashboard, executing remote JavaScript. This can be used to upload a new PHP file under an administrator and directly call that file from the victim's instance to connect back to a malicious listener. | CVSS3: 5.4 | 0% (Low) | almost 2 years ago |
| CVE-2024-26450 (Debian): An issue exists within Piwigo before v.14.2.0 allowing a malicious use ... | CVSS3: 5.4 | 0% (Low) | almost 2 years ago |
| GHSA-wqm3-jgh5-wqrh (GitHub): Cross Site Scripting vulnerability in Piwigo before v.14.2.0 allows a remote attacker to escalate privileges via the batch function on the admin page. | CVSS3: 5.4 | 0% (Low) | almost 2 years ago |
