FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  454327
Date:      2017-11-16
Time:      19:05:01Z
Committer: jkim

These are the vulnerabilities relating to the commit you have selected:

VuXML ID:    edd201a5-8fc3-11e2-b131-000c299b62e1
Description: piwigo -- CSRF/Path Traversal

High-Tech Bridge Security Research Lab reports:

The CSRF vulnerability exists due to insufficient verification of the HTTP request origin in the "/admin.php" script. A remote attacker can trick a logged-in administrator into visiting a specially crafted webpage and create an arbitrary PHP file on the remote server.

The path traversal vulnerability exists due to insufficient filtration of user-supplied input in the "dl" HTTP GET parameter passed to the "/install.php" script. The script is present on the system after installation by default, and can be accessed by an attacker without any restrictions.

Discovery: 2013-02-06
Entry:     2013-03-18
Affected:  lt 2.4.7