6.1

CVE-2017-9464

EPSS 1.12%
Veröffentlicht 14.06.2017 19:29:00
Zuletzt bearbeitet 13.05.2026 00:24:29
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The identification.php component is affected by this issue: the "redirect" parameter is not validated.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Piwigo ≫ Piwigo Version <= 2.9.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.12%	0.619

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://github.com/Piwigo/Piwigo/issues/706

Patch

Third Party Advisory

Issue Tracking

https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-007

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-9464

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-9464

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-9464

EUVD