Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2019-13363 - Vulnerability Database
Piwigo

Piwigo Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2019-13363

Critical
Reference: CVE-2019-13363
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-13363
Title: Piwigo Cross-Site Request Forgery (CSRF) Vulnerability
Overview:

admin.phppagenotification_by_mail in Piwigo 2.9.5 has XSS via the nbmamp95sendamp95htmlamp95mail nbmamp95sendamp95mailamp95as nbmamp95sendamp95detailedamp95content nbmamp95complementaryamp95mailamp95content nbmamp95sendamp95recentamp95postamp95dates or paramamp95submit parameter. This is exploitable via CSRF.