Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2024-26450 - Vulnerability Database
Piwigo

Piwigo Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2024-26450

Medium
Reference: CVE-2024-26450
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-26450
Title: Piwigo Cross-Site Request Forgery (CSRF) Vulnerability
Overview:

An issue exists within Piwigo before v.14.2.0 allowing a malicious user to take over the application. This exploit involves chaining a Cross Site Request Forgery vulnerability to issue a Stored Cross Site Scripting payload stored within an Admin user39s dashboard executing remote JavaScript. This can be used to upload a new PHP file under an administrator and directly call that file from the victim39s instance to connect back to a malicious listener.