Description

An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The identification.php component is affected by this issue: the "redirect" parameter is not validated.

Remediation

References

CVE-2017-9464

Related Vulnerabilities

Squid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-10003)

WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions SQL Injection (2.5.5)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-0361)

WordPress Plugin Support Ticket System By Phoeniixx Unspecified Vulnerability (2.7)

Oracle Database Server CVE-2009-3410 Vulnerability (CVE-2009-3410)

Severity

Medium

Classification

CVE-2017-9464 CWE-601 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities