FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

piwigo -- CSRF/Path Traversal

Affected packages
piwigo < 2.4.7

Details

VuXML ID: edd201a5-8fc3-11e2-b131-000c299b62e1
Discovery: 2013-02-06
Entry: 2013-03-18

High-Tech Bridge Security Research Lab reports:

The CSRF vulnerability exists due to insufficient verification of the HTTP request origin in the "/admin.php" script. A remote attacker can trick a logged-in administrator into visiting a specially crafted webpage and create an arbitrary PHP file on the remote server.

The path traversal vulnerability exists due to insufficient filtration of user-supplied input in the "dl" HTTP GET parameter passed to the "/install.php" script. The script is present on the system after installation by default, and can be accessed by an attacker without any restrictions.
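As an added illustration (not Piwigo's code, and written in Python rather than the project's PHP), here are the two checks whose absence the report above describes: a containment test for a user-supplied download name such as the "dl" parameter, and an origin-plus-token check for a state-changing admin request. The base directory, site host and per-session token scheme are assumptions.

```python
import hmac
import os
import secrets
from typing import Optional
from urllib.parse import urlsplit


def resolve_download(base_dir: str, requested: str) -> Optional[str]:
    """Return the absolute path for a user-supplied file name only if it stays
    inside base_dir; otherwise return None (the check a "dl" parameter needs)."""
    if "\x00" in requested:
        # A NUL byte would make realpath raise; treat it as a rejected name.
        return None
    base = os.path.realpath(base_dir)
    # Join first, then canonicalise: this collapses "../" segments and symlinks
    # so the containment test below sees the path the OS would actually open.
    candidate = os.path.realpath(os.path.join(base, requested))
    # commonpath avoids the classic prefix bug where "/srv/piwigo2" would pass
    # a plain startswith("/srv/piwigo") test; the directory itself is not a file.
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def new_session_token() -> str:
    """Per-session anti-CSRF secret to embed in admin forms (assumed design)."""
    return secrets.token_hex(32)


def csrf_request_allowed(headers: dict, form_token: str, session_token: str,
                         site_host: str) -> bool:
    """Accept a state-changing admin request only if the browser-reported
    origin matches our host AND the submitted token equals the session token."""
    origin = headers.get("Origin") or headers.get("Referer")
    if not origin:
        # No Origin or Referer at all: fail closed rather than guess.
        return False
    if urlsplit(origin).netloc.lower() != site_host.lower():
        return False
    # Constant-time compare so the token cannot be recovered byte by byte.
    return hmac.compare_digest(form_token or "", session_token)


if __name__ == "__main__":
    print(resolve_download("/srv/piwigo/install", "language/en_UK.txt"))
    print(resolve_download("/srv/piwigo/install", "../../../etc/passwd"))  # None
    tok = new_session_token()
    print(csrf_request_allowed({"Origin": "https://gallery.example"},
                               tok, tok, "gallery.example"))  # True
```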

References

CVE Name: CVE-2013-1468
CVE Name: CVE-2013-1469
URL: http://dl.packetstormsecurity.net/1302-exploits/piwigo246-traversalxsrf.txt
URL: http://piwigo.org/bugs/view.php?id=0002843
URL: http://piwigo.org/bugs/view.php?id=0002844