← back
CVE-2017-10679

CVE-2017-10679

EPSS 2.5%
Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. The permalink ID numbers are easily guessed.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/Piwigo/Piwigo/issues/721https://github.com/Piwigo/Piwigo/issues/723http://www.securityfocus.com/bid/99380