CVE-2014-4614
Piwigo < 2.6.2 - Cross-Site Request Forgery via Multiple Admin Methods
Title source: llmDescription
Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the (1) pwg.groups.addUser, (2) pwg.groups.deleteUser, (3) pwg.groups.setInfo, (4) pwg.users.setInfo, (5) pwg.permissions.add, or (6) pwg.permissions.remove method.
References (3)
Core 3
Core References
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q2/623
Vendor Advisory x_refsource_confirm
http://piwigo.org/bugs/view.php?id=0003055
Release Notes x_refsource_confirm
http://piwigo.org/releases/2.6.2
Scores
EPSS
0.0066
EPSS Percentile
47.1%
Details
CWE
CWE-352
Status
published
Products (50)
piwigo/piwigo
1.0.0
piwigo/piwigo
1.0.1
piwigo/piwigo
1.0.2
piwigo/piwigo
1.1.0
piwigo/piwigo
1.2.0
piwigo/piwigo
1.2.1
piwigo/piwigo
1.3.0
piwigo/piwigo
1.3.1
piwigo/piwigo
1.3.2
piwigo/piwigo
1.3.3
... and 40 more
Published
Jul 02, 2014
Tracked Since
Feb 18, 2026