CVE-2012-2208
Piwigo < 2.3.3 - Remote File Inclusion via Upgrade Language Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-2208. PoCs published by High-Tech Bridge SA.
AI-analyzed exploit summary The advisory details multiple vulnerabilities in Piwigo, including directory path traversal (CVE-2012-2208) and multiple XSS vulnerabilities (CVE-2012-2209). It provides PoC URLs and descriptions of how these vulnerabilities can be exploited.
Description
Directory traversal vulnerability in upgrade.php in Piwigo before 2.3.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
Exploits (1)
The advisory details multiple vulnerabilities in Piwigo, including directory path traversal (CVE-2012-2208) and multiple XSS vulnerabilities (CVE-2012-2209). It provides PoC URLs and descriptions of how these vulnerabilities can be exploited.