CVE-2014-4613

Name of the Vulnerable Software and Affected Versions Piwigo versions prior to 2.6.2

Description A cross-site request forgery (CSRF) issue exists in the administration panel, allowing remote attackers to hijack the authentication of administrators. This can be done by sending a request to "ws.php" with a "pwg.users.add" action, enabling the addition of users without proper authorization.

Recommendations For versions prior to 2.6.2, update to version 2.6.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the administration panel and the "ws.php" endpoint to minimize the risk of exploitation.