CVE-2013-1468 Information

Description

Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors.

Reference

http://archives.neohapsis.com/archives/bugtraq/2013-02/0153.html http://packetstormsecurity.com/files/120592/Piwigo-2.4.6-Cross-Site-Request-Forgery-Traversal.html http://piwigo.org/bugs/view.php?id=0002844 http://piwigo.org/forum/viewtopic.php?id=21470 http://piwigo.org/releases/2.4.7 http://secunia.com/advisories/52228 http://www.exploit-db.com/exploits/24561 http://www.osvdb.org/90504 https://www.htbridge.com/advisory/HTB23144