Who is affected by CVE-2014-4614?

CVE-2014-4614 affects administrators of Piwigo versions prior to 2.6.2.

What actions can attackers perform using CVE-2014-4614?

Attackers can hijack administrator authentication for various actions such as adding or deleting users and modifying group information.

How can I mitigate the risks associated with CVE-2014-4614?

The best mitigation is to upgrade to Piwigo version 2.6.2 or later to patch the vulnerabilities.

What is the potential impact of CVE-2014-4614 on my Piwigo installation?

CVE-2014-4614 could allow unauthorized access and manipulation of user groups and permissions, compromising the integrity of your Piwigo installation.

Vulnerability/
CVE-2014-4614

medium

6.8

CWE

352

2/7/2014

6/8/2024

CVE-2014-4614: CSRF

Q: What types of vulnerabilities does CVE-2014-4614 include?

CVE-2014-4614 includes multiple cross-site request forgery (CSRF) vulnerabilities affecting Piwigo.

First published: Wed Jul 02 2014(Updated: )

Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the (1) pwg.groups.addUser, (2) pwg.groups.deleteUser, (3) pwg.groups.setInfo, (4) pwg.users.setInfo, (5) pwg.permissions.add, or (6) pwg.permissions.remove method.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Piwigo Piwigo	<=2.6.1
Piwigo Piwigo	=1.0.0
Piwigo Piwigo	=1.0.1
Piwigo Piwigo	=1.0.2
Piwigo Piwigo	=1.1.0
Piwigo Piwigo	=1.2.0
Piwigo Piwigo	=1.2.1
Piwigo Piwigo	=1.3.0
Piwigo Piwigo	=1.3.1
Piwigo Piwigo	=1.3.2
Piwigo Piwigo	=1.3.3
Piwigo Piwigo	=1.3.4
Piwigo Piwigo	=1.4.0
Piwigo Piwigo	=1.4.1
Piwigo Piwigo	=1.5.0
Piwigo Piwigo	=1.5.1
Piwigo Piwigo	=1.5.2
Piwigo Piwigo	=1.6.0
Piwigo Piwigo	=1.6.1
Piwigo Piwigo	=1.6.2
Piwigo Piwigo	=1.7.0
Piwigo Piwigo	=1.7.1
Piwigo Piwigo	=1.7.2
Piwigo Piwigo	=1.7.3
Piwigo Piwigo	=2.0
Piwigo Piwigo	=2.0.0
Piwigo Piwigo	=2.0.1
Piwigo Piwigo	=2.0.2
Piwigo Piwigo	=2.0.3
Piwigo Piwigo	=2.0.4
Piwigo Piwigo	=2.0.5
Piwigo Piwigo	=2.0.6
Piwigo Piwigo	=2.0.7
Piwigo Piwigo	=2.0.8
Piwigo Piwigo	=2.0.9
Piwigo Piwigo	=2.0.10
Piwigo Piwigo	=2.1.0
Piwigo Piwigo	=2.1.1
Piwigo Piwigo	=2.1.2
Piwigo Piwigo	=2.1.3
Piwigo Piwigo	=2.1.4
Piwigo Piwigo	=2.1.5
Piwigo Piwigo	=2.1.6
Piwigo Piwigo	=2.2.0
Piwigo Piwigo	=2.2.1
Piwigo Piwigo	=2.2.2
Piwigo Piwigo	=2.2.3
Piwigo Piwigo	=2.2.4
Piwigo Piwigo	=2.2.5
Piwigo Piwigo	=2.3.0
Piwigo Piwigo	=2.3.1
Piwigo Piwigo	=2.3.2
Piwigo Piwigo	=2.3.3
Piwigo Piwigo	=2.3.4
Piwigo Piwigo	=2.3.5
Piwigo Piwigo	=2.4.0
Piwigo Piwigo	=2.4.1
Piwigo Piwigo	=2.4.2
Piwigo Piwigo	=2.4.3
Piwigo Piwigo	=2.4.4
Piwigo Piwigo	=2.4.5
Piwigo Piwigo	=2.4.6
Piwigo Piwigo	=2.4.7
Piwigo Piwigo	=2.5.0
Piwigo Piwigo	=2.6.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What types of vulnerabilities does CVE-2014-4614 include?
CVE-2014-4614 includes multiple cross-site request forgery (CSRF) vulnerabilities affecting Piwigo.
Who is affected by CVE-2014-4614?
CVE-2014-4614 affects administrators of Piwigo versions prior to 2.6.2.
What actions can attackers perform using CVE-2014-4614?
Attackers can hijack administrator authentication for various actions such as adding or deleting users and modifying group information.
How can I mitigate the risks associated with CVE-2014-4614?
The best mitigation is to upgrade to Piwigo version 2.6.2 or later to patch the vulnerabilities.
What is the potential impact of CVE-2014-4614 on my Piwigo installation?
CVE-2014-4614 could allow unauthorized access and manipulation of user groups and permissions, compromising the integrity of your Piwigo installation.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/weakness
agent/last-modified-date
agent/tags
agent/description
agent/event
agent/author
agent/first-publish-date
agent/source
vendor/piwigo
canonical/piwigo piwigo
version/piwigo piwigo/2.6.1
version/piwigo piwigo/1.0.0
version/piwigo piwigo/1.0.1
version/piwigo piwigo/1.0.2
version/piwigo piwigo/1.1.0
version/piwigo piwigo/1.2.0
version/piwigo piwigo/1.2.1
version/piwigo piwigo/1.3.0
version/piwigo piwigo/1.3.1
version/piwigo piwigo/1.3.2
version/piwigo piwigo/1.3.3
version/piwigo piwigo/1.3.4
version/piwigo piwigo/1.4.0
version/piwigo piwigo/1.4.1
version/piwigo piwigo/1.5.0
version/piwigo piwigo/1.5.1
version/piwigo piwigo/1.5.2
version/piwigo piwigo/1.6.0
version/piwigo piwigo/1.6.1
version/piwigo piwigo/1.6.2
version/piwigo piwigo/1.7.0
version/piwigo piwigo/1.7.1
version/piwigo piwigo/1.7.2
version/piwigo piwigo/1.7.3
version/piwigo piwigo/2.0
version/piwigo piwigo/2.0.0
version/piwigo piwigo/2.0.1
version/piwigo piwigo/2.0.2
version/piwigo piwigo/2.0.3
version/piwigo piwigo/2.0.4
version/piwigo piwigo/2.0.5
version/piwigo piwigo/2.0.6
version/piwigo piwigo/2.0.7
version/piwigo piwigo/2.0.8
version/piwigo piwigo/2.0.9
version/piwigo piwigo/2.0.10
version/piwigo piwigo/2.1.0
version/piwigo piwigo/2.1.1
version/piwigo piwigo/2.1.2
version/piwigo piwigo/2.1.3
version/piwigo piwigo/2.1.4
version/piwigo piwigo/2.1.5
version/piwigo piwigo/2.1.6
version/piwigo piwigo/2.2.0
version/piwigo piwigo/2.2.1
version/piwigo piwigo/2.2.2
version/piwigo piwigo/2.2.3
version/piwigo piwigo/2.2.4
version/piwigo piwigo/2.2.5
version/piwigo piwigo/2.3.0
version/piwigo piwigo/2.3.1
version/piwigo piwigo/2.3.2
version/piwigo piwigo/2.3.3
version/piwigo piwigo/2.3.4
version/piwigo piwigo/2.3.5
version/piwigo piwigo/2.4.0
version/piwigo piwigo/2.4.1
version/piwigo piwigo/2.4.2
version/piwigo piwigo/2.4.3
version/piwigo piwigo/2.4.4
version/piwigo piwigo/2.4.5
version/piwigo piwigo/2.4.6
version/piwigo piwigo/2.4.7
version/piwigo piwigo/2.5.0
version/piwigo piwigo/2.6.0

CVE-2014-4614: CSRF

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What types of vulnerabilities does CVE-2014-4614 include?

Who is affected by CVE-2014-4614?

What actions can attackers perform using CVE-2014-4614?

How can I mitigate the risks associated with CVE-2014-4614?

What is the potential impact of CVE-2014-4614 on my Piwigo installation?

Company

Resources

Contact

Frequently Asked Questions

What types of vulnerabilities does CVE-2014-4614 include?

Who is affected by CVE-2014-4614?

What actions can attackers perform using CVE-2014-4614?

How can I mitigate the risks associated with CVE-2014-4614?

What is the potential impact of CVE-2014-4614 on my Piwigo installation?