CVE-2013-1468

Piwigo < 2.4.7 - Cross-Site Request Forgery via LocalFiles Editor Plugin


Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-1468, a PoC published by High-Tech Bridge SA.

AI-analyzed exploit summary: The exploit demonstrates a CSRF vulnerability (CVE-2013-1468) allowing arbitrary PHP file creation and a path traversal vulnerability (CVE-2013-1469) enabling arbitrary file read/deletion in Piwigo 2.4.6. The PoC includes HTML/JS for the CSRF and a direct URL for the path traversal.

Description

Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors.
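The CSRF pattern the description refers to, as an added example that is neither Piwigo's code nor the published PoC: a hypothetical file-editor save handler modelled on the pre-2.4.7 behaviour (the write is gated only by the administrator's session cookie), beside a hardened version that requires a per-session anti-CSRF token and rejects cross-site Origin headers. The handler names, form field names, file paths, the session model and the origins are all assumptions made for illustration; the plugin's real request format is not on this page.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

# Assumed deployment origin of the gallery (hypothetical).
SITE_ORIGIN = "https://gallery.example"

# Stands in for the writable plugin/config directory the editor saves into.
STORE: Dict[str, str] = {}


@dataclass
class Session:
    """Server-side session of a logged-in user; the token is minted once per session."""
    user: str
    is_admin: bool
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))


@dataclass
class Request:
    """What the handler sees: the cookie-bound session, the POST body, and the Origin
    header (None when the browser sent no Origin header at all)."""
    session: Session
    form: Dict[str, str]
    origin: Optional[str] = None


def save_file_vulnerable(req: Request) -> bool:
    """Save handler modelled on the pre-2.4.7 plugin behaviour: the only check is that the
    session belongs to an administrator, so a request the victim's browser sends from an
    attacker's page is indistinguishable from a legitimate one."""
    if not req.session.is_admin:
        return False
    STORE[req.form["path"]] = req.form["content"]
    return True


def save_file_hardened(req: Request) -> bool:
    """Same action with two independent CSRF defences (the fix pattern, not Piwigo's code):
    a per-session token the form must echo back, and an Origin allow-list."""
    if not req.session.is_admin:
        return False
    # Browsers set Origin on cross-site POSTs; an unexpected value is an outright reject.
    # A missing header is tolerated only because the token check below still has to pass.
    if req.origin is not None and req.origin != SITE_ORIGIN:
        return False
    submitted = req.form.get("csrf_token", "")
    # Constant-time comparison so a wrong token reveals nothing about the right one.
    if not hmac.compare_digest(submitted, req.session.csrf_token):
        return False
    STORE[req.form["path"]] = req.form["content"]
    return True


def forged_request(victim: Session, origin: Optional[str] = "https://attacker.example") -> Request:
    """Cross-site auto-submitted form (constructed sample). The browser attaches the victim's
    cookie, so `session` is the administrator's, but the attacker's page cannot read the
    token from the gallery's origin, so the form carries none."""
    return Request(
        session=victim,
        form={"path": "plugins/dropped.php", "content": "<?php echo 'written by CSRF'; ?>"},
        origin=origin,
    )


def legitimate_request(admin: Session) -> Request:
    """Form submitted from the gallery's own editor page, which embeds the session token."""
    return Request(
        session=admin,
        form={
            "path": "local/example.inc.php",
            "content": "<?php // edited by the administrator ?>",
            "csrf_token": admin.csrf_token,
        },
        origin=SITE_ORIGIN,
    )


def run_scenarios() -> Dict[str, bool]:
    """Drive both handlers with the same forged and legitimate requests; returns what each allowed."""
    admin = Session(user="admin", is_admin=True)
    results: Dict[str, bool] = {}
    STORE.clear()
    results["vulnerable_accepts_forged"] = save_file_vulnerable(forged_request(admin))
    STORE.clear()
    results["hardened_accepts_forged"] = save_file_hardened(forged_request(admin))
    results["hardened_accepts_forged_no_origin"] = save_file_hardened(forged_request(admin, origin=None))
    results["hardened_accepts_legitimate"] = save_file_hardened(legitimate_request(admin))
    results["hardened_accepts_wrong_token"] = save_file_hardened(
        Request(admin, {**legitimate_request(admin).form, "csrf_token": "0" * 64}, SITE_ORIGIN)
    )
    return results


if __name__ == "__main__":
    for name, allowed in run_scenarios().items():
        print(f"{name}: {'ALLOWED' if allowed else 'rejected'}")
```

The forged request is what an auto-submitting form on an attacker's page produces: the browser attaches the victim's cookie, so the session is valid and the vulnerable handler writes the file, while the hardened handler rejects it whether or not the browser sent an Origin header, because the token is missing. Piwigo 2.4.7 closed the issue in the plugin itself; the example only shows why a token bound to the session, checked in constant time, is the property that matters.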

Exploits (1)

Exploit-DB · Working PoC · Verified
by High-Tech Bridge SA · text · webapps · php
https://www.exploit-db.com/exploits/24561


Classification
Working PoC (90% confidence)
Attack type: Other (CSRF, CWE-352)
Complexity: Trivial
Reliability: Reliable
Target: Piwigo 2.4.6
Authentication: required on the victim side only; an administrator must have an active session, while the attacker needs no credentials of their own
Prerequisites: admin session for the CSRF · LocalFiles Editor plugin enabled for the CSRF · default install.php present for the path traversal
Analyzed by devstral-2 on Feb 16, 2026

References (9)

http://piwigo.org/forum/viewtopic.php?id=21470 (vendor forum thread; x_refsource_confirm)
http://piwigo.org/releases/2.4.7 (release notes; x_refsource_confirm)
http://secunia.com/advisories/52228 (third-party advisory, Secunia; x_refsource_secunia)
http://www.exploit-db.com/exploits/24561 (exploit; x_refsource_exploit-db)
http://piwigo.org/bugs/view.php?id=0002844 (vendor bug tracker; x_refsource_confirm)
http://www.osvdb.org/90504 (third-party advisory, VDB entry; x_refsource_osvdb)
http://archives.neohapsis.com/archives/bugtraq/2013-02/0153.html (third-party advisory, Bugtraq mailing list; x_refsource_bugtraq)

Scores

EPSS score: 0.0573 (5.73% estimated probability of exploitation activity in the next 30 days)
EPSS percentile: 92.0%

Details

CWE: CWE-352 (Cross-Site Request Forgery)
Status: published
Products (50)
piwigo/piwigo 1.0.0
piwigo/piwigo 1.0.1
piwigo/piwigo 1.0.2
piwigo/piwigo 1.1.0
piwigo/piwigo 1.2.0
piwigo/piwigo 1.2.1
piwigo/piwigo 1.3.0
piwigo/piwigo 1.3.1
piwigo/piwigo 1.3.2
piwigo/piwigo 1.3.3
... and 40 more
Published Mar 14, 2013
Tracked Since Feb 18, 2026