
Li Zhiqiang

Researcher from topsec
#10527 of 53,779
26.4 Total CVSS
Vulnerabilities · 3
High
3
PT-2017-11430
8.8
2017-06-29
Piwigo · Piwigo · CVE-2017-10678
**Name of the Vulnerable Software and Affected Versions**
Piwigo versions prior to 2.9.2

**Description**
A cross-site request forgery issue allows remote attackers to hijack user authentication for requests, specifically to delete permalinks, by crafting a malicious request.

**Recommendations**
For versions prior to 2.9.2, update to version 2.9.2 or later to resolve the issue.

PT-2017-11432
8.8
2017-06-29
Piwigo · Piwigo · CVE-2017-10680
**Name of the Vulnerable Software and Affected Versions**
Piwigo versions prior to 2.9.2

**Description**
A cross-site request forgery issue allows remote attackers to hijack user authentication for requests, such as changing a private album to public, via a crafted request.

**Recommendations**
For versions prior to 2.9.2, update to version 2.9.2 or later to resolve the issue.

PT-2017-11433
8.8
2017-06-29
Piwigo · Piwigo · CVE-2017-10681
**Name of the Vulnerable Software and Affected Versions**
Piwigo versions prior to 2.10

**Description**
A cross-site request forgery issue allows remote attackers to hijack user authentication for requests to unlock albums via a crafted request.

**Recommendations**
For versions prior to 2.10, update to version 2.10 or later to resolve the issue.