9 matches found
EUVD-2018-19437
Malware in sbrugna...
Cross site request forgery (csrf)
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-$photonumber request. CSRF exploitation, related to CVE-2017-10681, may be possible...
CVE-2018-7724
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-$photonumber request. CSRF exploitation, related to CVE-2017-10681, may be possible...
Cross site request forgery (csrf)
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible...
Design/Logic Flaw
The management panel in Piwigo 2.9.3 has stored XSS via the virtualname parameter in a /admin.php?page=catlist request, a different issue than CVE-2017-9836. CSRF exploitation, related to CVE-2017-10681, may be possible...
CVE-2018-7724
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-$photonumber request. CSRF exploitation, related to CVE-2017-10681, may be possible...
CVE-2017-10681
Cross-site request forgery CSRF vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request...
CVE-2017-10681
Cross-site request forgery CSRF vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request...
CVE-2017-10681
CVE-2017-10681 is a CSRF vulnerability in Piwigo up to 2.9.1 that could allow hijacking user authentication for album-unlock actions. Connected records reference CVE-2017-10681 as related to broader issues in Piwigo 2.9.3 (e.g., stored XSS via admin endpoints) and state that CSRF exploitation rel...