show_default.php in the LocalFilesEditor extension before 11.4.0.1 for Piwigo allows Local File Inclusion because the file parameter is not validated with a proper regular-expression check.
References
Link | Resource |
---|---|
https://github.com/Piwigo/LocalFilesEditor/commit/dda691d3e45bfd166ac175c70bd8b91cb4917b6b | Patch Third Party Advisory |
https://github.com/Piwigo/LocalFilesEditor/issues/2 | Issue Tracking Third Party Advisory |
https://piwigo.org/ext/index.php?cid=null | Release Notes Third Party Advisory |
Configurations
History
04 May 2021, 00:32
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/Piwigo/LocalFilesEditor/commit/dda691d3e45bfd166ac175c70bd8b91cb4917b6b - Patch, Third Party Advisory | |
References | (MISC) https://piwigo.org/ext/index.php?cid=null - Release Notes, Third Party Advisory | |
References | (MISC) https://github.com/Piwigo/LocalFilesEditor/issues/2 - Issue Tracking, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:piwigo:localfiles_editor:*:*:*:*:*:piwigo:*:* | |
CWE | CWE-345 |
26 Apr 2021, 19:38
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-04-26 19:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-31783
Mitre link : CVE-2021-31783
CVE.ORG link : CVE-2021-31783
JSON object : View
Products Affected
piwigo
- localfiles_editor
CWE
CWE-345
Insufficient Verification of Data Authenticity