Shinkurto

#8088de 53,638
34CVSS total
Vulnerabilidades · 4
Alta
2
Crítica
2
PT-2017-7738
9.8
2017-01-03
Piwigo · Piwigo · CVE-2016-10105
**Name of the Vulnerable Software and Affected Versions** Piwigo versions prior to 2.8.4 **Description** The issue concerns the failure to validate the `sections` variable in the `admin/plugin.php` file, which can lead to information disclosure and code execution if the variable contains a `..` sequence. **Recommendations** For versions prior to 2.8.4, update to version 2.8.4 or later to resolve the issue.
PT-2016-4571
9.8
2016-12-30
Serendipity · Serendipity · CVE-2016-10082
**Name of the Vulnerable Software and Affected Versions** Serendipity versions prior to 2.1 **Description** The issue arises from a failure to sanitize the `dbType` POST parameter in the `include/functions installer.inc.php` file, which is then used in an include() call in the `bundled-libs/serendipity generateFTPChecksums.php` file. This can lead to a File Inclusion and possible Code Execution attack during the first-time installation of Serendipity. **Recommendations** For Serendipity versions prior to 2.1, update to version 2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `include/functions installer.inc.php` file and the `bundled-libs/serendipity generateFTPChecksums.php` file to minimize the risk of exploitation. Avoid using the `dbType` parameter in the affected installation process until the issue is resolved.
PT-2016-4573
7.2
2016-12-30
Piwigo · Piwigo · CVE-2016-10084
**Name of the Vulnerable Software and Affected Versions** Piwigo versions prior to 2.8.4 **Description** The issue allows remote authenticated administrators to conduct File Inclusion attacks. This is achieved via the `page['tab']` variable, also known as the mode parameter, in the admin/batch manager.php file. **Recommendations** For versions prior to 2.8.4, update to version 2.8.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin/batch manager.php file to minimize the risk of exploitation. Avoid using the `page['tab']` variable in the affected file until the issue is resolved.
PT-2016-4574
7.2
2016-12-30
Piwigo · Piwigo · CVE-2016-10085
**Name of the Vulnerable Software and Affected Versions** Piwigo versions through 2.8.3 **Description** The issue allows remote authenticated administrators to conduct File Inclusion attacks. This is achieved via the `tab` parameter in the "admin/languages.php" endpoint. **Recommendations** For versions through 2.8.3, update to a version that contains a fix for this issue to prevent File Inclusion attacks.