PT-2017-18937 · Piwigo · Piwigo

Eric Castañeda · Published 2017-06-14 · Updated 2017-06-19 · CVE-2017-9464

CVSS v3.1: 6.1 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Piwigo versions 2.9 and prior

Description: An open redirect issue allows remote attackers to redirect users to arbitrary web sites, potentially leading to phishing attacks. The redirect parameter in the identification.php component is not validated, making it vulnerable to exploitation.

Recommendations: For Piwigo versions 2.9 and prior, as a temporary workaround, consider validating or restricting the use of the redirect parameter in the identification.php component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
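One way a site operator could implement the workaround above, written here as an added example (it is not Piwigo's own code; the function name safe_redirect_target and the fallback value are assumptions): only site-relative targets are accepted for the redirect parameter, and anything else falls back to the gallery index.

```php
<?php
// Added example, not Piwigo's own code: validate a redirect parameter
// before it is used in a Location: header. Names here are hypothetical.

function safe_redirect_target(?string $candidate, string $fallback = 'index.php'): string
{
    if ($candidate === null || $candidate === '') {
        return $fallback;
    }
    // Control characters or whitespace have no place in a redirect target.
    if (preg_match('/[\x00-\x20\x7f]/', $candidate)) {
        return $fallback;
    }
    // Browsers normalise '\' to '/', so a backslash can disguise an external host.
    if (strpos($candidate, '\\') !== false) {
        return $fallback;
    }
    // A leading slash covers both absolute paths and protocol-relative "//host" forms;
    // only targets relative to the gallery directory are accepted.
    if ($candidate[0] === '/') {
        return $fallback;
    }
    // Anything that parses with a scheme or an authority component is external.
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])
        || isset($parts['user']) || isset($parts['pass'])) {
        return $fallback;
    }
    return $candidate;
}

// Usage: send the checked value instead of the raw request parameter.
// $target = safe_redirect_target($_GET['redirect'] ?? null);
// header('Location: ' . $target);

// Constructed sample inputs showing what is kept and what is replaced.
$cases = [
    'index.php?/category/3',        // kept: relative to the gallery
    'http://other.example/login',   // replaced: absolute URL with a scheme
    '//other.example/login',        // replaced: protocol-relative
    '\\other.example',              // replaced: backslash form
    'javascript:alert(1)',          // replaced: non-HTTP scheme
    "index.php\r\nX-Test: 1",       // replaced: control characters
];
foreach ($cases as $c) {
    printf("%-32s -> %s\n", json_encode($c), safe_redirect_target($c));
}
```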

Open Redirect


Weakness Enumeration

Related Identifiers: CVE-2017-9464

Affected Products: Piwigo