Medium severity6.5NVD Advisory· Published Mar 16, 2018· Updated Jun 17, 2026
CVE-2014-4613
CVE-2014-4613
Description
Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
8- packetstormsecurity.com/files/125438/Piwigo-2.6.1-Cross-Site-Request-Forgery.htmlnvdExploitThird Party AdvisoryVDB Entry
- www.exploit-db.com/exploits/31916nvdExploitThird Party AdvisoryVDB Entry
- piwigo.org/bugs/view.phpnvdIssue TrackingVendor Advisory
- seclists.org/oss-sec/2014/q2/610nvdMailing ListThird Party Advisory
- seclists.org/oss-sec/2014/q2/623nvdMailing ListThird Party Advisory
- www.securityfocus.com/bid/65811nvdThird Party AdvisoryVDB Entry
- osvdb.org/show/osvdb/103774nvdBroken Link
- piwigo.org/releases/2.6.2nvdRelease Notes
News mentions
0No linked articles in our index yet.