CVE-2012-2209
Piwigo < 2.3.4 - Cross-Site Scripting via Admin Panel Parameters
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-2209. PoCs published by High-Tech Bridge SA.
AI-analyzed exploit summary The advisory details multiple vulnerabilities in Piwigo, including directory path traversal (CVE-2012-2208) and multiple XSS vulnerabilities (CVE-2012-2209). It provides PoC URLs and descriptions of how these vulnerabilities can be exploited.
Description
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3) theme parameter in the theme module.
Exploits (1)
The advisory details multiple vulnerabilities in Piwigo, including directory path traversal (CVE-2012-2208) and multiple XSS vulnerabilities (CVE-2012-2209). It provides PoC URLs and descriptions of how these vulnerabilities can be exploited.