Description

Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter.

Remediation

References

CVE-2013-1469

Related Vulnerabilities

MySQL CVE-2016-5441 Vulnerability (CVE-2016-5441)

Django Improper Input Validation Vulnerability (CVE-2019-3498)

b2evolution Improper Input Validation Vulnerability (CVE-2017-1000423)

WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads Remote Code Execution (2.4.21)

WordPress 4.2.x Prototype Pollution (4.2 - 4.2.31)

Severity

Medium

Classification

CVE-2013-1469 CWE-22

Tags

Missing Update Known Vulnerabilities