Description
Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions.
Remediation
References