CVE-2017-17827

Name of the Vulnerable Software and Affected Versions Piwigo version 2.9.2

Description The issue allows an attacker to perform Cross-Site Request Forgery attacks, potentially coercing an admin user into performing unintended actions. This can be achieved via the "admin.php?page=configuration&section=main" or "admin.php?page=batch manager&mode=unit" API endpoints.

Recommendations For Piwigo version 2.9.2, as a temporary workaround, consider restricting access to the /admin.php?page=configuration&section=main and /admin.php?page=batch manager&mode=unit API endpoints until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.