CVE-2017-9464

MEDIUM

Piwigo <2.9 - Open Redirect

Description

An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The identification.php component is affected by this issue: the "redirect" parameter is not validated.

Scores

CVSS v3: 6.1
EPSS: 0.0019
EPSS Percentile: 41.0%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-601
Status: published
Products (2):
piwigo/piwigo < 2.9.0
n/a/n/a
Published: Jun 14, 2017
Tracked Since: Feb 18, 2026