FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
edd201a5-8fc3-11e2-b131-000c299b62e1piwigo -- CSRF/Path Traversal

High-Tech Bridge Security Research Lab reports:

The CSRF vulnerability exists due to insufficient verification of the HTTP request origin in "/admin.php" script. A remote attacker can trick a logged-in administrator to visit a specially crafted webpage and create arbitrary PHP file on the remote server.

The path traversal vulnerability exists due to insufficient filtration of user-supplied input in "dl" HTTP GET parameter passed to "/install.php" script. The script is present on the system after installation by default, and can be accessed by attacker without any restrictions.


Discovery 2013-02-06
Entry 2013-03-18
piwigo
< 2.4.7

CVE-2013-1468
CVE-2013-1469
http://piwigo.org/bugs/view.php?id=0002843
http://piwigo.org/bugs/view.php?id=0002844
http://dl.packetstormsecurity.net/1302-exploits/piwigo246-traversalxsrf.txt
436d7f93-9cf0-11ea-82b8-4c72b94353b5piwigo -- Multible Vulnerabilities

Piwigo reports:

Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page.


Discovery 2020-02-07
Entry 2020-05-23
piwigo
< 2.10.2

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-8089
CVE-2020-8089