CVE-2013-1469

Piwigo < 2.4.7 - Path Traversal via install.php dl Parameter


Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-1469. PoCs were published by High-Tech Bridge SA and LiquidWorm.

AI-analyzed exploit summary: The exploit demonstrates a CSRF vulnerability (CVE-2013-1468) allowing arbitrary PHP file creation and a path traversal vulnerability (CVE-2013-1469) enabling arbitrary file read/deletion in Piwigo 2.4.6. The PoC includes HTML/JS for CSRF and a direct URL for path traversal.

Description

Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by High-Tech Bridge SA · text · webapps · php
https://www.exploit-db.com/exploits/24561

The exploit demonstrates a CSRF vulnerability (CVE-2013-1468) allowing arbitrary PHP file creation and a path traversal vulnerability (CVE-2013-1469) enabling arbitrary file read/deletion in Piwigo 2.4.6. The PoC includes HTML/JS for CSRF and a direct URL for path traversal.

Classification: Working PoC 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Piwigo 2.4.6
Auth required
Prerequisites: Admin session for CSRF · LocalFiles Editor plugin enabled for CSRF · Default install.php presence for path traversal
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by LiquidWorm · text · webapps · php
https://www.exploit-db.com/exploits/24520

The exploit demonstrates a directory traversal vulnerability in Piwigo 2.4.6's install.php script, allowing arbitrary file read and delete operations via the 'dl' parameter. The PoC includes a sample URL to exploit the vulnerability.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Piwigo 2.4.6
No auth needed
Prerequisites: Access to the install.php script on the target server
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Various Sources x_refsource_confirm
http://piwigo.org/forum/viewtopic.php?id=21470
Release Notes x_refsource_confirm
http://piwigo.org/releases/2.4.7
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/24561
Various Sources x_refsource_confirm
http://piwigo.org/bugs/view.php?id=0002843
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-02/0153.html

Scores

EPSS 0.5601
EPSS Percentile 98.9%

Details

CWE: CWE-22
Status: published
Products (50)
piwigo/piwigo 1.0.0
piwigo/piwigo 1.0.1
piwigo/piwigo 1.0.2
piwigo/piwigo 1.1.0
piwigo/piwigo 1.2.0
piwigo/piwigo 1.2.1
piwigo/piwigo 1.3.0
piwigo/piwigo 1.3.1
piwigo/piwigo 1.3.2
piwigo/piwigo 1.3.3
... and 40 more
Published Mar 13, 2013
Tracked Since Feb 18, 2026