HTTP: Piwigo LocalFiles Editor Plugin File Creation

This signature detects attempts to exploit a known vulnerability in the Piwigo LocalFiles Editor plugin. Piwigo versions prior to 2.4.7 are vulnerable. An attacker may trick the victim into clicking on an image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could cause a PHP file to be created in the context of the victim's session with the application, without further prompting or verification.

Extended Description

Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors.

Affected Products

Piwigo piwigo

References

CVE: CVE-2013-1468

Short Name
HTTP:STC:PIWIGO-LOCALFILES-CSRF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2013-1468 Creation Editor File LocalFiles Piwigo Plugin
Release Date
09/18/2014
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Piwigo

CVSS Score

7.6
