Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.0
CVE Id CVE-2013-1469
Last Modified 19 Mar 2013 12:00:00
Published 13 Mar 2013 04:55:02
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

Summary

Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter.

Vulnerable Systems

Application

  • Piwigo 1.0.0

  • Piwigo 1.0.1

  • Piwigo 1.0.2

  • Piwigo 1.1.0

  • Piwigo 1.2.0

  • Piwigo 1.2.1

  • Piwigo 1.3.0

  • Piwigo 1.3.1

  • Piwigo 1.3.2

  • Piwigo 1.3.3

  • Piwigo 1.3.4

  • Piwigo 1.4.0

  • Piwigo 1.4.1

  • Piwigo 1.5.0

  • Piwigo 1.5.1

  • Piwigo 1.5.2

  • Piwigo 1.6.0

  • Piwigo 1.6.1

  • Piwigo 1.6.2

  • Piwigo 1.7.0

  • Piwigo 1.7.1

  • Piwigo 1.7.2

  • Piwigo 1.7.3

  • Piwigo 2.0

  • Piwigo 2.0.0

  • Piwigo 2.0.1

  • Piwigo 2.0.10

  • Piwigo 2.0.2

  • Piwigo 2.0.3

  • Piwigo 2.0.4

  • Piwigo 2.0.5

  • Piwigo 2.0.6

  • Piwigo 2.0.7

  • Piwigo 2.0.8

  • Piwigo 2.0.9

  • Piwigo 2.1.0

  • Piwigo 2.1.1

  • Piwigo 2.1.2

  • Piwigo 2.1.3

  • Piwigo 2.1.4

  • Piwigo 2.1.5

  • Piwigo 2.1.6

  • Piwigo 2.2.0

  • Piwigo 2.2.1

  • Piwigo 2.2.2

  • Piwigo 2.2.3

  • Piwigo 2.2.4

  • Piwigo 2.2.5

  • Piwigo 2.3.0

  • Piwigo 2.3.1

  • Piwigo 2.3.2

  • Piwigo 2.3.3

  • Piwigo 2.3.4

  • Piwigo 2.3.5

  • Piwigo 2.4.0

  • Piwigo 2.4.1

  • Piwigo 2.4.2

  • Piwigo 2.4.3

  • Piwigo 2.4.4

  • Piwigo 2.4.5

  • Piwigo 2.4.6


References

MISC - https://www.htbridge.com/advisory/HTB23144

MISC - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5127.php

EXPLOIT-DB - 24561

CONFIRM - http://piwigo.org/releases/2.4.7

CONFIRM - http://piwigo.org/forum/viewtopic.php?id=21470

CONFIRM - http://piwigo.org/bugs/view.php?id=0002843

MISC - http://packetstormsecurity.com/files/120592/Piwigo-2.4.6-Cross-Site-Request-Forgery-Traversal.html

BUGTRAQ - 20130227 Multiple Vulnerabilities in Piwigo


Last Updated: 27 May 2016 11:02:04