Lucene search

MitreCVE-2013-1468

HistoryMar 14, 2013 - 3:13 a.m.

CVE-2013-1468

2013-03-1403:13:32

CWE-352

mitre

web.nvd.nist.gov

cve-2013-1468

csrf

vulnerability

localfiles editor

piwigo

authentication hijacking

administrators

php files

nvd

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

0.316

Percentile

97.1%

JSON

Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors.

Affected configurations

Nvd

Node

piwigopiwigoRange≤2.4.6

piwigopiwigoMatch1.0.0-

piwigopiwigoMatch1.0.1

piwigopiwigoMatch1.0.2

piwigopiwigoMatch1.1.0

piwigopiwigoMatch1.2.0

piwigopiwigoMatch1.2.1

piwigopiwigoMatch1.3.0

piwigopiwigoMatch1.3.1

piwigopiwigoMatch1.3.2

piwigopiwigoMatch1.3.3

piwigopiwigoMatch1.3.4

piwigopiwigoMatch1.4.0

piwigopiwigoMatch1.4.1

piwigopiwigoMatch1.5.0

piwigopiwigoMatch1.5.1

piwigopiwigoMatch1.5.2

piwigopiwigoMatch1.6.0

piwigopiwigoMatch1.6.1

piwigopiwigoMatch1.6.2

piwigopiwigoMatch1.7.0

piwigopiwigoMatch1.7.1

piwigopiwigoMatch1.7.2

piwigopiwigoMatch1.7.3

piwigopiwigoMatch2.0

piwigopiwigoMatch2.0.0

piwigopiwigoMatch2.0.1

piwigopiwigoMatch2.0.2

piwigopiwigoMatch2.0.3

piwigopiwigoMatch2.0.4

piwigopiwigoMatch2.0.5

piwigopiwigoMatch2.0.6

piwigopiwigoMatch2.0.7

piwigopiwigoMatch2.0.8

piwigopiwigoMatch2.0.9

piwigopiwigoMatch2.0.10

piwigopiwigoMatch2.1.0

piwigopiwigoMatch2.1.1

piwigopiwigoMatch2.1.2

piwigopiwigoMatch2.1.3

piwigopiwigoMatch2.1.4

piwigopiwigoMatch2.1.5

piwigopiwigoMatch2.1.6

piwigopiwigoMatch2.2.0

piwigopiwigoMatch2.2.1

piwigopiwigoMatch2.2.2

piwigopiwigoMatch2.2.3

piwigopiwigoMatch2.2.4

piwigopiwigoMatch2.2.5

piwigopiwigoMatch2.3.0

piwigopiwigoMatch2.3.1

piwigopiwigoMatch2.3.2

piwigopiwigoMatch2.3.3

piwigopiwigoMatch2.3.4

piwigopiwigoMatch2.3.5

piwigopiwigoMatch2.4.0

piwigopiwigoMatch2.4.1

piwigopiwigoMatch2.4.2

piwigopiwigoMatch2.4.3

piwigopiwigoMatch2.4.4

piwigopiwigoMatch2.4.5

VendorProductVersionCPE
piwigopiwigo*cpe:2.3:a:piwigo:piwigo:*:*:*:*:*:*:*:*
piwigopiwigo1.0.0cpe:2.3:a:piwigo:piwigo:1.0.0:-:*:*:*:*:*:*
piwigopiwigo1.0.1cpe:2.3:a:piwigo:piwigo:1.0.1:*:*:*:*:*:*:*
piwigopiwigo1.0.2cpe:2.3:a:piwigo:piwigo:1.0.2:*:*:*:*:*:*:*
piwigopiwigo1.1.0cpe:2.3:a:piwigo:piwigo:1.1.0:*:*:*:*:*:*:*
piwigopiwigo1.2.0cpe:2.3:a:piwigo:piwigo:1.2.0:*:*:*:*:*:*:*
piwigopiwigo1.2.1cpe:2.3:a:piwigo:piwigo:1.2.1:*:*:*:*:*:*:*
piwigopiwigo1.3.0cpe:2.3:a:piwigo:piwigo:1.3.0:*:*:*:*:*:*:*
piwigopiwigo1.3.1cpe:2.3:a:piwigo:piwigo:1.3.1:*:*:*:*:*:*:*
piwigopiwigo1.3.2cpe:2.3:a:piwigo:piwigo:1.3.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
piwigo	piwigo	*	cpe:2.3:a:piwigo:piwigo::::::::
piwigo	piwigo	1.0.0	cpe:2.3:a:piwigo:piwigo:1.0.0:-::::::
piwigo	piwigo	1.0.1	cpe:2.3:a:piwigo:piwigo:1.0.1:::::::*
piwigo	piwigo	1.0.2	cpe:2.3:a:piwigo:piwigo:1.0.2:::::::*
piwigo	piwigo	1.1.0	cpe:2.3:a:piwigo:piwigo:1.1.0:::::::*
piwigo	piwigo	1.2.0	cpe:2.3:a:piwigo:piwigo:1.2.0:::::::*
piwigo	piwigo	1.2.1	cpe:2.3:a:piwigo:piwigo:1.2.1:::::::*
piwigo	piwigo	1.3.0	cpe:2.3:a:piwigo:piwigo:1.3.0:::::::*
piwigo	piwigo	1.3.1	cpe:2.3:a:piwigo:piwigo:1.3.1:::::::*
piwigo	piwigo	1.3.2	cpe:2.3:a:piwigo:piwigo:1.3.2:::::::*