← back
CVE-2016-10514

CVE-2016-10514

EPSS 1.2%
url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://piwigo.org/releases/2.8.3https://github.com/Piwigo/Piwigo/commit/b3157cbfd859c914911b114d4edbba4654758b57https://github.com/Piwigo/Piwigo/issues/547