CVE-2024-26450

Published: Feb 28, 2024

Modified: Dec 4, 2024

PUBLISHED

Description

An issue exists within Piwigo before v.14.2.0 allowing a malicious user to take over the application. This exploit involves chaining a Cross Site Request Forgery vulnerability to issue a Stored Cross Site Scripting payload stored within an Admin user's dashboard, executing remote JavaScript. This can be used to upload a new PHP file under an administrator and directly call that file from the victim's instance to connect back to a malicious listener.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/Piwigo/Piwigo/security/advisories/GHSA-p362-cfpj-q55f

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-26450

Description

Affected Products

References