CVE-2013-1468: CSRF
First published: Thu Mar 14 2013(Updated: )
Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Piwigo Piwigo | <=2.4.6 | |
| Piwigo Piwigo | =1.0.0 | |
| Piwigo Piwigo | =1.0.1 | |
| Piwigo Piwigo | =1.0.2 | |
| Piwigo Piwigo | =1.1.0 | |
| Piwigo Piwigo | =1.2.0 | |
| Piwigo Piwigo | =1.2.1 | |
| Piwigo Piwigo | =1.3.0 | |
| Piwigo Piwigo | =1.3.1 | |
| Piwigo Piwigo | =1.3.2 | |
| Piwigo Piwigo | =1.3.3 | |
| Piwigo Piwigo | =1.3.4 | |
| Piwigo Piwigo | =1.4.0 | |
| Piwigo Piwigo | =1.4.1 | |
| Piwigo Piwigo | =1.5.0 | |
| Piwigo Piwigo | =1.5.1 | |
| Piwigo Piwigo | =1.5.2 | |
| Piwigo Piwigo | =1.6.0 | |
| Piwigo Piwigo | =1.6.1 | |
| Piwigo Piwigo | =1.6.2 | |
| Piwigo Piwigo | =1.7.0 | |
| Piwigo Piwigo | =1.7.1 | |
| Piwigo Piwigo | =1.7.2 | |
| Piwigo Piwigo | =1.7.3 | |
| Piwigo Piwigo | =2.0 | |
| Piwigo Piwigo | =2.0.0 | |
| Piwigo Piwigo | =2.0.1 | |
| Piwigo Piwigo | =2.0.2 | |
| Piwigo Piwigo | =2.0.3 | |
| Piwigo Piwigo | =2.0.4 | |
| Piwigo Piwigo | =2.0.5 | |
| Piwigo Piwigo | =2.0.6 | |
| Piwigo Piwigo | =2.0.7 | |
| Piwigo Piwigo | =2.0.8 | |
| Piwigo Piwigo | =2.0.9 | |
| Piwigo Piwigo | =2.0.10 | |
| Piwigo Piwigo | =2.1.0 | |
| Piwigo Piwigo | =2.1.1 | |
| Piwigo Piwigo | =2.1.2 | |
| Piwigo Piwigo | =2.1.3 | |
| Piwigo Piwigo | =2.1.4 | |
| Piwigo Piwigo | =2.1.5 | |
| Piwigo Piwigo | =2.1.6 | |
| Piwigo Piwigo | =2.2.0 | |
| Piwigo Piwigo | =2.2.1 | |
| Piwigo Piwigo | =2.2.2 | |
| Piwigo Piwigo | =2.2.3 | |
| Piwigo Piwigo | =2.2.4 | |
| Piwigo Piwigo | =2.2.5 | |
| Piwigo Piwigo | =2.3.0 | |
| Piwigo Piwigo | =2.3.1 | |
| Piwigo Piwigo | =2.3.2 | |
| Piwigo Piwigo | =2.3.3 | |
| Piwigo Piwigo | =2.3.4 | |
| Piwigo Piwigo | =2.3.5 | |
| Piwigo Piwigo | =2.4.0 | |
| Piwigo Piwigo | =2.4.1 | |
| Piwigo Piwigo | =2.4.2 | |
| Piwigo Piwigo | =2.4.3 | |
| Piwigo Piwigo | =2.4.4 | |
| Piwigo Piwigo | =2.4.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/bugtraq/2013-02/0153.html
- http://packetstormsecurity.com/files/120592/Piwigo-2.4.6-Cross-Site-Request-Forgery-Traversal.html
- http://piwigo.org/bugs/view.php?id=0002844
- http://piwigo.org/forum/viewtopic.php?id=21470
- http://piwigo.org/releases/2.4.7
- http://secunia.com/advisories/52228
- http://www.exploit-db.com/exploits/24561
- http://www.osvdb.org/90504
- https://www.htbridge.com/advisory/HTB23144
Frequently Asked Questions
What is the severity of CVE-2013-1468?
CVE-2013-1468 is classified as a medium severity vulnerability, primarily impacting the LocalFiles Editor plugin in Piwigo prior to version 2.4.7.
How do I fix CVE-2013-1468?
To resolve CVE-2013-1468, upgrade the Piwigo installation to version 2.4.7 or later.
Which versions of Piwigo are affected by CVE-2013-1468?
CVE-2013-1468 affects all versions of Piwigo before 2.4.7, including versions 1.0.0 through 2.4.6.
What type of vulnerability is CVE-2013-1468?
CVE-2013-1468 is a cross-site request forgery (CSRF) vulnerability, allowing attackers to perform unauthorized actions on behalf of administrators.
What can an attacker exploit in CVE-2013-1468?
An attacker could exploit CVE-2013-1468 to hijack administrator authentication and create arbitrary PHP files through the LocalFiles Editor plugin.
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/type
- agent/tags
- agent/description
- agent/event
- agent/last-modified-date
- vendor/piwigo
- canonical/piwigo piwigo
- version/piwigo piwigo/2.4.6
- version/piwigo piwigo/1.0.0
- version/piwigo piwigo/1.0.1
- version/piwigo piwigo/1.0.2
- version/piwigo piwigo/1.1.0
- version/piwigo piwigo/1.2.0
- version/piwigo piwigo/1.2.1
- version/piwigo piwigo/1.3.0
- version/piwigo piwigo/1.3.1
- version/piwigo piwigo/1.3.2
- version/piwigo piwigo/1.3.3
- version/piwigo piwigo/1.3.4
- version/piwigo piwigo/1.4.0
- version/piwigo piwigo/1.4.1
- version/piwigo piwigo/1.5.0
- version/piwigo piwigo/1.5.1
- version/piwigo piwigo/1.5.2
- version/piwigo piwigo/1.6.0
- version/piwigo piwigo/1.6.1
- version/piwigo piwigo/1.6.2
- version/piwigo piwigo/1.7.0
- version/piwigo piwigo/1.7.1
- version/piwigo piwigo/1.7.2
- version/piwigo piwigo/1.7.3
- version/piwigo piwigo/2.0
- version/piwigo piwigo/2.0.0
- version/piwigo piwigo/2.0.1
- version/piwigo piwigo/2.0.2
- version/piwigo piwigo/2.0.3
- version/piwigo piwigo/2.0.4
- version/piwigo piwigo/2.0.5
- version/piwigo piwigo/2.0.6
- version/piwigo piwigo/2.0.7
- version/piwigo piwigo/2.0.8
- version/piwigo piwigo/2.0.9
- version/piwigo piwigo/2.0.10
- version/piwigo piwigo/2.1.0
- version/piwigo piwigo/2.1.1
- version/piwigo piwigo/2.1.2
- version/piwigo piwigo/2.1.3
- version/piwigo piwigo/2.1.4
- version/piwigo piwigo/2.1.5
- version/piwigo piwigo/2.1.6
- version/piwigo piwigo/2.2.0
- version/piwigo piwigo/2.2.1
- version/piwigo piwigo/2.2.2
- version/piwigo piwigo/2.2.3
- version/piwigo piwigo/2.2.4
- version/piwigo piwigo/2.2.5
- version/piwigo piwigo/2.3.0
- version/piwigo piwigo/2.3.1
- version/piwigo piwigo/2.3.2
- version/piwigo piwigo/2.3.3
- version/piwigo piwigo/2.3.4
- version/piwigo piwigo/2.3.5
- version/piwigo piwigo/2.4.0
- version/piwigo piwigo/2.4.1
- version/piwigo piwigo/2.4.2
- version/piwigo piwigo/2.4.3
- version/piwigo piwigo/2.4.4
- version/piwigo piwigo/2.4.5