Cross-Site Request Forgery Vulnerability in Lexiglot Plugin for Piwigo
CVE-2014-8942

8.8 HIGH

Key Information:

Vendor: Piwigo

Status
Vendor
CVE Published: 1 June 2020

What is CVE-2014-8942?

The Lexiglot plugin for Piwigo is susceptible to Cross-Site Request Forgery (CSRF), enabling attackers to perform unauthorized actions on behalf of users without their consent. This vulnerability can lead to significant security issues if exploited, allowing malicious actors to manipulate user settings or data within the Piwigo platform. Users of Lexiglot should take immediate action to secure their installations and monitor for any unusual activity.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
