flop25

3 exploits Active since Jun 2017
CVE-2017-10678 WRITEUP HIGH WRITEUP
Piwigo < 2.9.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to delete permalinks via a crafted request.
CVSS 8.8
CVE-2017-10680 WRITEUP HIGH WRITEUP
Piwigo < 2.9.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted request.
CVSS 8.8
CVE-2017-10681 WRITEUP HIGH WRITEUP
Piwigo < 2.9.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request.
CVSS 8.8