Description

url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring.

Remediation

References

CVE-2016-10514

Related Vulnerabilities

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-14634)

WordPress Plugin Dtracker Multiple Vulnerabilities (1.5)

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.27)

WordPress Plugin qTranslate X Multiple Cross-Site Scripting Vulnerabilities (3.4.6.8)

ownCloud Improper Input Validation Vulnerability (CVE-2013-1939)

Severity

Medium

Classification

CVE-2016-10514 CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities