FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  368515
Date:      2014-09-18
Time:      19:53:09Z
Committer: madpilot

These are the vulnerabilities relating to the commit you have selected:

VuXML ID:    edd201a5-8fc3-11e2-b131-000c299b62e1
Description: piwigo -- CSRF/Path Traversal

High-Tech Bridge Security Research Lab reports:

The CSRF vulnerability exists due to insufficient verification of the HTTP request origin in "/admin.php" script. A remote attacker can trick a logged-in administrator into visiting a specially crafted webpage and create an arbitrary PHP file on the remote server.

The path traversal vulnerability exists due to insufficient filtration of user-supplied input in "dl" HTTP GET parameter passed to "/install.php" script. The script is present on the system after installation by default, and can be accessed by an attacker without any restrictions.


Discovery: 2013-02-06
Entry:     2013-03-18
Affects:   piwigo < 2.4.7

CVE-2013-1468
CVE-2013-1469
http://piwigo.org/bugs/view.php?id=0002843
http://piwigo.org/bugs/view.php?id=0002844
http://dl.packetstormsecurity.net/1302-exploits/piwigo246-traversalxsrf.txt