Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the (1) pwg.groups.addUser, (2) pwg.groups.deleteUser, (3) pwg.groups.setInfo, (4) pwg.users.setInfo, (5) pwg.permissions.add, or (6) pwg.permissions.remove method.
Remediation
References
Related Vulnerabilities
Joomla! Core 3.x.x Prototype Pollution (3.0.0 - 3.9.4)
WordPress Plugin aoringo TAG upper Cross-Site Scripting (0.1.6)
MySQL CVE-2018-3276 Vulnerability (CVE-2018-3276)
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9449)
WordPress Plugin Shortlinks by Pretty Links-Best WordPress Link Tracking SQL Injection (1.6.7)