Juniper Networks
Signature Detail

Short Name

HTTP:STC:PIWIGO-LOCALFILES-CSRF

Severity

High

Recommended

No

Recommended Action

Drop

Category

HTTP

Keywords

Piwigo LocalFiles Editor Plugin File Creation

Release Date

2014/09/18

Update Number

2420

Supported Platforms

idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Piwigo LocalFiles Editor Plugin File Creation


This signature detects attempts to exploit a known vulnerability in the Piwigo LocalFiles Editor plugin. Versions prior to 2.4.7 are vulnerable. An attacker may trick the victim into clicking on an image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could cause the victim to create a PHP file in the context of their session with the application, without further prompting or verification.

Extended Description

Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors.

Affected Products

  • piwigo 1.0.0 (-)
  • piwigo 1.0.1
  • piwigo 1.0.2
  • piwigo 1.1.0
  • piwigo 1.2.0
  • piwigo 1.2.1
  • piwigo 1.3.0
  • piwigo 1.3.1
  • piwigo 1.3.2
  • piwigo 1.3.3
  • piwigo 1.3.4
  • piwigo 1.4.0
  • piwigo 1.4.1
  • piwigo 1.5.0
  • piwigo 1.5.1
  • piwigo 1.5.2
  • piwigo 1.6.0
  • piwigo 1.6.1
  • piwigo 1.6.2
  • piwigo 1.7.0
  • piwigo 1.7.1
  • piwigo 1.7.2
  • piwigo 1.7.3
  • piwigo 2.0
  • piwigo 2.0.0
  • piwigo 2.0.1
  • piwigo 2.0.10
  • piwigo 2.0.2
  • piwigo 2.0.3
  • piwigo 2.0.4
  • piwigo 2.0.5
  • piwigo 2.0.6
  • piwigo 2.0.7
  • piwigo 2.0.8
  • piwigo 2.0.9
  • piwigo 2.1.0
  • piwigo 2.1.1
  • piwigo 2.1.2
  • piwigo 2.1.3
  • piwigo 2.1.4
  • piwigo 2.1.5
  • piwigo 2.1.6
  • piwigo 2.2.0
  • piwigo 2.2.1
  • piwigo 2.2.2
  • piwigo 2.2.3
  • piwigo 2.2.4
  • piwigo 2.2.5
  • piwigo 2.3.0
  • piwigo 2.3.1
  • piwigo 2.3.2
  • piwigo 2.3.3
  • piwigo 2.3.4
  • piwigo 2.3.5
  • piwigo 2.4.0
  • piwigo 2.4.1
  • piwigo 2.4.2
  • piwigo 2.4.3
  • piwigo 2.4.4
  • piwigo 2.4.5
  • piwigo up to 2.4.6

References

  • CVE: CVE-2013-1468

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.