PT-2020-20681 · Piwigo · Community Plugin

Published 2020-03-26 · Updated 2021-07-21 · CVE-2020-9468

CVSS v3.1

4.3 Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Community plugin version 2.9.e-beta for Piwigo

Description

The issue allows users to set image information on images in albums for which they do not have permission. This is achieved by manipulating the image id parameter.

Recommendations

For Community plugin version 2.9.e-beta, consider restricting access to the image id parameter to prevent unauthorized modifications until a patch is available.

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2020-9468

Affected Products

Community Plugin