CSRF Vulnerabilities in Piwigo before 2.6.2 Allow Remote Authentication Hijacking

CSRF Vulnerabilities in Piwigo before 2.6.2 Allow Remote Authentication Hijacking

CVE-2014-4614 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the (1) pwg.groups.addUser, (2) pwg.groups.deleteUser, (3) pwg.groups.setInfo, (4) pwg.users.setInfo, (5) pwg.permissions.add, or (6) pwg.permissions.remove method.

Learn more about our User Device Pen Test.