Summary
Piwigo is prone to an arbitrary file-disclosure vulnerability and an arbitrary file-deletion vulnerability because the application fails to sanitize user-supplied input.
An attacker can exploit these vulnerabilities to view arbitrary files on the affected computer and to delete arbitrary files within the context of the affected application. Other attacks are also possible.
Piwigo 2.4.6 is vulnerable; other versions may also be affected.
Solution
Updates are available. Please see the references or vendor advisory for more information.
References
Updated on 2015-03-25