piwigo -- CSRF/Path Traversal

ID EDD201A5-8FC3-11E2-B131-000C299B62E1
Type freebsd
Reporter FreeBSD
Modified 2013-02-06T00:00:00


High-Tech Bridge Security Research Lab reports:

The CSRF vulnerability exists due to insufficient verification of the HTTP request origin in the "/admin.php" script. A remote attacker can trick a logged-in administrator into visiting a specially crafted webpage and create an arbitrary PHP file on the remote server. The path traversal vulnerability exists due to insufficient filtration of user-supplied input in the "dl" HTTP GET parameter passed to the "/install.php" script. The script is present on the system after installation by default, and can be accessed by an attacker without any restrictions.
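As an added illustration of the two defensive checks the report implies (not piwigo's own code), the PHP below confines a user-supplied "dl" value to one directory and ties state-changing admin requests to a per-session token; the function names, the base directory and the `csrf_token` field are hypothetical.

```php
<?php
// Added example, not piwigo's code. Names and paths are hypothetical.
declare(strict_types=1);

// --- Path traversal: confine a user-supplied "dl" value to one directory ---
// Returns the resolved file path, or null if the value is malformed, escapes
// $baseDir, or names no regular file. realpath() collapses "..", symlinks and
// encoded separators that a plain substring filter would miss.
function resolve_download(string $dl, string $baseDir): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // Allow only a bare file name: no separators, no NUL bytes, no "..".
    if (!preg_match('/\A[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*\z/', $dl)) {
        return null;
    }
    $target = realpath($base . DIRECTORY_SEPARATOR . $dl);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Final containment check: the resolved path must stay under $base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// --- CSRF: bind admin writes to a secret the cross-site page cannot read ---
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Call before any state change in an admin.php-style handler. A form served
// from another origin cannot include the session's token, so it fails here.
// hash_equals() compares in constant time.
function require_valid_csrf(array $post): void
{
    $sent = $post['csrf_token'] ?? '';
    if (!is_string($sent) || !hash_equals(csrf_token(), $sent)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
}
```

Embed `csrf_token()` as a hidden field in every admin form and call `require_valid_csrf($_POST)` at the top of each write handler; `resolve_download()` returning null should end the request rather than fall back to the raw parameter.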