Description
Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.30)
WordPress Plugin WP Frontend Profile Security Bypass (1.2.1)
WordPress Plugin Portfolio Gallery-Image Gallery Cross-Site Request Forgery (1.1.2)
WordPress Plugin WP Activity Log Premium SQL Injection (4.6.4)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6024)