Description

An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The identification.php component is affected by this issue: the "redirect" parameter is not validated.

Remediation

References

CVE-2017-9464

Related Vulnerabilities

WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (8.0.05)

WordPress Plugin CloudFlare Multiple Unspecified Vulnerabilities (1.1.6)

phpList Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-20032)

WordPress Plugin NextGEN Gallery-WordPress Gallery Unspecified Vulnerability (2.2.46)

Python Integer Overflow or Wraparound Vulnerability (CVE-2016-5636)

Severity

Medium

Classification

CVE-2017-9464 CWE-601 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities