2 matches found
CVE-2014-4613
Cross-site request forgery CSRF vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php...
CVE-2014-4613
CVE-2014-4613 describes a cross-site request forgery in the Piwigo administration panel prior to 2.6.2. The issue allows remote attackers to hijack administrator sessions by crafting requests to ws.php with a pwg.users.add action to add new users. Affected software: Piwigo versions before 2.6.2. ...