Description

Directory traversal vulnerability in upgrade.php in Piwigo before 2.3.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.

Remediation

References

CVE-2012-2208

Related Vulnerabilities

MySQL CVE-2022-21325 Vulnerability (CVE-2022-21325)

Joomla Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2021-26038)

WordPress Plugin Nginx Helper Cross-Site Scripting (1.8.9)

WordPress Plugin Yet Another bol.com Cross-Site Scripting (1.4)

WordPress Plugin XData Toolkit Arbitrary File Upload (1.9)

Severity

High

Classification

CVE-2012-2208 CWE-22

Tags

Missing Update Known Vulnerabilities