Lucene search
MitreCVE-2013-1469HistoryMar 13, 2013 - 8:55 p.m.
CVE-2013-1469
2013-03-1320:55:02
CWE-22
mitre
web.nvd.nist.gov
34
cve-2013-1469
piwigo
directory traversal
vulnerability
install.php
nvd
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:N/A:P
AI Score
6.5
Confidence
Low
EPSS
0.485
Percentile
97.5%
Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a … (dot dot) in the dl parameter.
Affected configurations
Node
piwigopiwigoRange≤2.4.6
ORpiwigopiwigoMatch1.0.0-
ORpiwigopiwigoMatch1.0.1
ORpiwigopiwigoMatch1.0.2
ORpiwigopiwigoMatch1.1.0
ORpiwigopiwigoMatch1.2.0
ORpiwigopiwigoMatch1.2.1
ORpiwigopiwigoMatch1.3.0
ORpiwigopiwigoMatch1.3.1
ORpiwigopiwigoMatch1.3.2
ORpiwigopiwigoMatch1.3.3
ORpiwigopiwigoMatch1.3.4
ORpiwigopiwigoMatch1.4.0
ORpiwigopiwigoMatch1.4.1
ORpiwigopiwigoMatch1.5.0
ORpiwigopiwigoMatch1.5.1
ORpiwigopiwigoMatch1.5.2
ORpiwigopiwigoMatch1.6.0
ORpiwigopiwigoMatch1.6.1
ORpiwigopiwigoMatch1.6.2
ORpiwigopiwigoMatch1.7.0
ORpiwigopiwigoMatch1.7.1
ORpiwigopiwigoMatch1.7.2
ORpiwigopiwigoMatch1.7.3
ORpiwigopiwigoMatch2.0
ORpiwigopiwigoMatch2.0.0
ORpiwigopiwigoMatch2.0.1
ORpiwigopiwigoMatch2.0.2
ORpiwigopiwigoMatch2.0.3
ORpiwigopiwigoMatch2.0.4
ORpiwigopiwigoMatch2.0.5
ORpiwigopiwigoMatch2.0.6
ORpiwigopiwigoMatch2.0.7
ORpiwigopiwigoMatch2.0.8
ORpiwigopiwigoMatch2.0.9
ORpiwigopiwigoMatch2.0.10
ORpiwigopiwigoMatch2.1.0
ORpiwigopiwigoMatch2.1.1
ORpiwigopiwigoMatch2.1.2
ORpiwigopiwigoMatch2.1.3
ORpiwigopiwigoMatch2.1.4
ORpiwigopiwigoMatch2.1.5
ORpiwigopiwigoMatch2.1.6
ORpiwigopiwigoMatch2.2.0
ORpiwigopiwigoMatch2.2.1
ORpiwigopiwigoMatch2.2.2
ORpiwigopiwigoMatch2.2.3
ORpiwigopiwigoMatch2.2.4
ORpiwigopiwigoMatch2.2.5
ORpiwigopiwigoMatch2.3.0
ORpiwigopiwigoMatch2.3.1
ORpiwigopiwigoMatch2.3.2
ORpiwigopiwigoMatch2.3.3
ORpiwigopiwigoMatch2.3.4
ORpiwigopiwigoMatch2.3.5
ORpiwigopiwigoMatch2.4.0
ORpiwigopiwigoMatch2.4.1
ORpiwigopiwigoMatch2.4.2
ORpiwigopiwigoMatch2.4.3
ORpiwigopiwigoMatch2.4.4
ORpiwigopiwigoMatch2.4.5
| Vendor | Product | Version | CPE |
|---|---|---|---|
| piwigo | piwigo | * | cpe:2.3:a:piwigo:piwigo:*:*:*:*:*:*:*:* |
| piwigo | piwigo | 1.0.0 | cpe:2.3:a:piwigo:piwigo:1.0.0:-:*:*:*:*:*:* |
| piwigo | piwigo | 1.0.1 | cpe:2.3:a:piwigo:piwigo:1.0.1:*:*:*:*:*:*:* |
| piwigo | piwigo | 1.0.2 | cpe:2.3:a:piwigo:piwigo:1.0.2:*:*:*:*:*:*:* |
| piwigo | piwigo | 1.1.0 | cpe:2.3:a:piwigo:piwigo:1.1.0:*:*:*:*:*:*:* |
| piwigo | piwigo | 1.2.0 | cpe:2.3:a:piwigo:piwigo:1.2.0:*:*:*:*:*:*:* |
| piwigo | piwigo | 1.2.1 | cpe:2.3:a:piwigo:piwigo:1.2.1:*:*:*:*:*:*:* |
| piwigo | piwigo | 1.3.0 | cpe:2.3:a:piwigo:piwigo:1.3.0:*:*:*:*:*:*:* |
| piwigo | piwigo | 1.3.1 | cpe:2.3:a:piwigo:piwigo:1.3.1:*:*:*:*:*:*:* |
| piwigo | piwigo | 1.3.2 | cpe:2.3:a:piwigo:piwigo:1.3.2:*:*:*:*:*:*:* |
References
archives.neohapsis.com/archives/bugtraq/2013-02/0153.html
packetstormsecurity.com/files/120592/Piwigo-2.4.6-Cross-Site-Request-Forgery-Traversal.html
piwigo.org/bugs/view.php?id=0002843
piwigo.org/forum/viewtopic.php?id=21470
piwigo.org/releases/2.4.7
www.exploit-db.com/exploits/24561
www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5127.php
www.htbridge.com/advisory/HTB23144
Related
nessus
nessus
Piwigo install.php dl Parameter Traversal Arbitrary File Access
2013-04-02 00:00:00
zeroscience
zeroscience
Piwigo 2.4.6 (install.php) Remote Arbitrary File Read/Delete Vulnerability
2013-02-18 00:00:00
nvd
nvd
CVE-2013-1469
2013-03-13 20:55:02
prion
prion
Directory traversal
2013-03-13 20:55:00
cvelist
cvelist
CVE-2013-1469
2013-03-13 20:48:00
checkpoint_advisories
checkpoint_advisories
ubuntucve
ubuntucve
CVE-2013-1469
2013-03-13 00:00:00
exploitdb
exploitdb
Piwigo 2.4.6 - '/install.php' Arbitrary File Read/Delete
2013-02-19 00:00:00
Piwigo 2.4.6 - Multiple Vulnerabilities
2013-03-01 00:00:00
Piwigo 2.7.2 - Multiple Vulnerabilities
2014-12-19 00:00:00
packetstorm
packetstorm
Piwigo 2.4.6 Cross Site Request Forgery / Traversal
2013-02-28 00:00:00
Piwigo 2.7.2 Cross Site Scripting / SQL Injection
2014-12-20 00:00:00
securityvulns
securityvulns
Multiple Vulnerabilities in Piwigo
2013-03-03 00:00:00
openvas
openvas
Piwigo Cross Site Request Forgery and Path Traversal Vulnerabilities
2013-03-21 00:00:00
zdt
zdt
Piwigo 2.4.6 Cross Site Request Forgery / Traversal Vulnerabilities
2013-03-01 00:00:00
Piwigo 2.4.6 - Multiple Vulnerabilities
2013-03-01 00:00:00
Piwigo 2.7.2 SQL Injection / Cross Site Scripting Vulnerabilities
2014-12-20 00:00:00
freebsd
freebsd
piwigo -- CSRF/Path Traversal
2013-02-06 00:00:00
exploitpack
exploitpack
Piwigo 2.4.6 - Multiple Vulnerabilities
2013-03-01 00:00:00
Piwigo 2.7.2 - Multiple Vulnerabilities
2014-12-19 00:00:00
htbridge
htbridge
Multiple Vulnerabilities in Piwigo
2013-02-06 00:00:00
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:N/A:P
AI Score
6.5
Confidence
Low
EPSS
0.485
Percentile
97.5%
Related for CVE-2013-1469