ID de Prueba:	1.3.6.1.4.1.25623.1.0.803340
Categoría:	Web application abuses
Título:	Piwigo Cross Site Request Forgery and Path Traversal Vulnerabilities
Resumen:	Piwigo is prone to cross-site request forgery (CSRF) and path; traversal vulnerabilities.
Descripción:	Summary: Piwigo is prone to cross-site request forgery (CSRF) and path traversal vulnerabilities. Vulnerability Insight: - Flaw in the LocalFiles Editor plugin, it does not require multiple steps or explicit confirmation for sensitive transactions. - Input passed via 'dl' parameter to install.php is not properly sanitized before being used. Vulnerability Impact: Successful exploitation will allow remote attackers to create arbitrary PHP file or to retrieve and delete arbitrary files in the context of the affected application. Affected Software/OS: Piwigo version 2.4.6 and prior Solution: Upgrade to Piwigo version 2.4.7 CVSS Score: 7.6 CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1468 Bugtraq: 20130227 Multiple Vulnerabilities in Piwigo (Google Search) http://archives.neohapsis.com/archives/bugtraq/2013-02/0153.html http://www.exploit-db.com/exploits/24561 http://packetstormsecurity.com/files/120592/Piwigo-2.4.6-Cross-Site-Request-Forgery-Traversal.html https://www.htbridge.com/advisory/HTB23144 http://www.osvdb.org/90504 http://secunia.com/advisories/52228 Common Vulnerability Exposure (CVE) ID: CVE-2013-1469 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5127.php
Copyright	Copyright (C) 2013 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.