2 matches found
CVE-2016-10514
urlcheckformat in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring...
CVE-2016-10514
This CVE affects Piwigo prior to 2.8.3. The flaw is in url_check_format (include/functions.inc.php) that lets remote attackers bypass access restrictions via URLs containing a quote character (") or URLs not starting with http:// or https://. Impact is a bypass of access controls; integrity and c...