CVE-2017-10680
CVE-2017-10680
8.8
HighPublished:
Last updated:
Source:cve@mitre.org
Modified
Weakness (CWE)
CVSS Vector
v3.0- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- Required
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- High
- Availability
- High
Description
Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted request.
References
cve@mitre.org
http://www.securityfocus.com/bid/99349cve@mitre.org
https://github.com/Piwigo/Piwigo/issues/721af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/99349af854a3a-2127-422b-91ae-364da2661108
https://github.com/Piwigo/Piwigo/commit/03a8329b89c0d196ecdb54227a8113f24555ffc0af854a3a-2127-422b-91ae-364da2661108
https://github.com/Piwigo/Piwigo/issues/721