CVE-2017-9464
First published: Wed Jun 14 2017(Updated: )
An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The identification.php component is affected by this issue: the "redirect" parameter is not validated.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Piwigo | <=2.9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-9464?
CVE-2017-9464 is classified as a medium severity vulnerability due to its potential for phishing attacks.
How do I fix CVE-2017-9464?
To fix CVE-2017-9464, users should update Piwigo to a version later than 2.9.0 where the vulnerability has been addressed.
What component is affected by CVE-2017-9464?
The identification.php component of Piwigo is affected by CVE-2017-9464 due to the unvalidated "redirect" parameter.
Who can exploit CVE-2017-9464?
Remote attackers can exploit CVE-2017-9464 to redirect users to arbitrary websites.
What versions of Piwigo are vulnerable to CVE-2017-9464?
Piwigo versions 2.9 and prior are vulnerable to CVE-2017-9464.
- agent/references
- agent/type
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/event
- agent/severity
- agent/remedy
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- vendor/piwigo
- canonical/piwigo
- version/piwigo/2.9.0