Vulnerabilities

CVE-2014-4614

by Fred · 02/07/2014

Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the (1) pwg.groups.addUser, (2) pwg.groups.deleteUser, (3) pwg.groups.setInfo, (4) pwg.users.setInfo, (5) pwg.permissions.add, or (6) pwg.permissions.remove method.

Date published : 2014-07-02

http://piwigo.org/bugs/view.php?id=0003055

http://piwigo.org/releases/2.6.2

Similar

Tags: Cybersecurity Alert