FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-18 19:03:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
436d7f93-9cf0-11ea-82b8-4c72b94353b5	piwigo -- Multible Vulnerabilities Piwigo reports: Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page. Discovery 2020-02-07 Entry 2020-05-23 piwigo < 2.10.2 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-8089 CVE-2020-8089
edd201a5-8fc3-11e2-b131-000c299b62e1	piwigo -- CSRF/Path Traversal High-Tech Bridge Security Research Lab reports: The CSRF vulnerability exists due to insufficient verification of the HTTP request origin in "/admin.php" script. A remote attacker can trick a logged-in administrator to visit a specially crafted webpage and create arbitrary PHP file on the remote server. The path traversal vulnerability exists due to insufficient filtration of user-supplied input in "dl" HTTP GET parameter passed to "/install.php" script. The script is present on the system after installation by default, and can be accessed by attacker without any restrictions. Discovery 2013-02-06 Entry 2013-03-18 piwigo < 2.4.7 CVE-2013-1468 CVE-2013-1469 http://piwigo.org/bugs/view.php?id=0002843 http://piwigo.org/bugs/view.php?id=0002844 http://dl.packetstormsecurity.net/1302-exploits/piwigo246-traversalxsrf.txt

VuXML ID

Description

436d7f93-9cf0-11ea-82b8-4c72b94353b5

piwigo -- Multible Vulnerabilities

Piwigo reports:

Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page.

Discovery 2020-02-07
Entry 2020-05-23
piwigo

< 2.10.2

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-8089
CVE-2020-8089

edd201a5-8fc3-11e2-b131-000c299b62e1

piwigo -- CSRF/Path Traversal

High-Tech Bridge Security Research Lab reports:

The CSRF vulnerability exists due to insufficient verification of the HTTP request origin in "/admin.php" script. A remote attacker can trick a logged-in administrator to visit a specially crafted webpage and create arbitrary PHP file on the remote server.

The path traversal vulnerability exists due to insufficient filtration of user-supplied input in "dl" HTTP GET parameter passed to "/install.php" script. The script is present on the system after installation by default, and can be accessed by attacker without any restrictions.

Discovery 2013-02-06
Entry 2013-03-18
piwigo

< 2.4.7

CVE-2013-1468
CVE-2013-1469
http://piwigo.org/bugs/view.php?id=0002843
http://piwigo.org/bugs/view.php?id=0002844
http://dl.packetstormsecurity.net/1302-exploits/piwigo246-traversalxsrf.txt