Thursday, February 28, 2013

HTB23144: Piwigo CSRF & Path Traversal vulnerabilities

Two security issues in Piwigo version 2.4.6 were discovered and disclosed by High-Tech Bridge Security Research Lab. This web-based photo gallery software suffers from CSRF (Cross-Site Request Forgery) and Path Traversal vulnerabilities:
1. Path Traversal: The vulnerability exists due to insufficient filtration of user-supplied input in the "dl" HTTP GET parameter passed to the "install.php" script. The script remains on the system after installation by default and can be reached by an attacker without any restrictions; removing or restricting access to install.php once setup is complete closes this entry point independently of the patch.
2. Cross-Site Request Forgery (CSRF) in Piwigo: The vulnerability exists due to insufficient verification of the HTTP request origin in the "admin.php" script. A remote attacker can trick a logged-in administrator into visiting a specially crafted web page and thereby create an arbitrary PHP file on the remote server. An interesting PoC is available in High-Tech Bridge's Advisory HTB23144.
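The two weakness classes above, as an added PHP illustration that is not code from Piwigo, from the advisory, or from its PoC. It assumes a hypothetical download handler that maps a "dl" parameter to a file under a data directory (the vulnerable join beside a hardened version), and a hypothetical admin action that is protected with a per-session synchronizer token; all function and variable names are invented for the example.

```php
<?php
// Added illustration, not Piwigo's install.php or admin.php.
// Assumptions: downloadable files live under $base_dir and are named by the
// "dl" request parameter; admin actions are POSTed with a PHP session active.

// --- 1. Path traversal: vulnerable pattern beside the hardened pattern ---

// Vulnerable: the parameter is joined onto the path without validation, so a
// value containing "../" reaches files outside $base_dir.
function read_download_vulnerable(string $base_dir, string $dl): ?string
{
    $path = $base_dir . '/' . $dl;
    return is_file($path) ? file_get_contents($path) : null;
}

// Hardened: allow-list the name, canonicalise, then confirm the resolved path
// still sits inside the canonical base directory.
function read_download_hardened(string $base_dir, string $dl): ?string
{
    // \z (not $) so a trailing newline cannot slip past the pattern.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}\z/', $dl)) {
        return null;                       // separators, dots or NUL bytes rejected
    }
    $root = realpath($base_dir);
    $path = realpath($base_dir . '/' . $dl);
    if ($root === false || $path === false) {
        return null;                       // base dir missing or file absent
    }
    // realpath() resolves ".." and symlinks, so a prefix check is meaningful here.
    $prefix = $root . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;                       // resolved outside $base_dir (e.g. via symlink)
    }
    return file_get_contents($path);
}

// --- 2. CSRF: synchronizer token for state-changing admin requests ---

// Issues one random token per session and embeds it in admin forms.
function csrf_token_issue(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// True only for a POST carrying the session's token. A forged cross-site
// request is sent with the victim's cookies but cannot read the victim's
// session, so it cannot supply the token.
function csrf_request_is_valid(): bool
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        return false;                      // state changes never ride on GET
    }
    $sent     = $_POST['csrf_token'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && is_string($sent) && hash_equals($expected, $sent);
}

// Usage in a hypothetical admin handler:
//   session_start();
//   if (!csrf_request_is_valid()) { http_response_code(403); exit; }
//   ... perform the privileged action ...
// and in the form that targets it:
//   echo '<input type="hidden" name="csrf_token" value="'
//      . htmlspecialchars(csrf_token_issue(), ENT_QUOTES) . '">';
```

The traversal check relies on realpath() returning false for a non-existent file, so the allow-list regex is what stops a probe before any filesystem access; the prefix comparison is what catches a symlink inside the data directory that points elsewhere. For the CSRF side, comparing with hash_equals() avoids a timing side channel on the token, and refusing GET outright means a crafted link or image tag alone can never trigger the action.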
Advisory ID: HTB23144
Vendor Notification / Patch / Public Disclosure Dates: February 6 / February 19 / February 27, 2013
Software weaknesses type: Cross-Site Request Forgery [CWE-352], Path Traversal [CWE-22]
Risk level: High
Solution Status: Fixed by Vendor, Upgrade to Piwigo 2.4.7
