First published: Tue Oct 10 2017(Updated: )
url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Piwigo Piwigo | <=2.8.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.