Description

Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter.

Remediation

References

CVE-2013-1469

Related Vulnerabilities

WordPress 'cat' Parameter SQL Injection Vulnerability (1.5 - 1.5.1.1)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9061)

WordPress Plugin Splashing Images Multiple Vulnerabilities (2.1)

WordPress Plugin Contest Gallery-Photo Contest for WordPress Security Bypass (13.1.0.6)

WordPress 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities (2.0 - 2.0.1)

Severity

Medium

Classification

CVE-2013-1469 CWE-22

Tags

Missing Update Known Vulnerabilities