CVE-2017-9464

{"id": "CVE-2017-9464", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2017-06-14T19:29:00.247", "references": [{"url": "https://github.com/Piwigo/Piwigo/issues/706", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-007", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/Piwigo/Piwigo/issues/706", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-007", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The identification.php component is affected by this issue: the \"redirect\" parameter is not validated."}, {"lang": "es", "value": "Una vulnerabilidad de Redireccionamiento Abierto est\u00e1 presente en Piwigo versi\u00f3n 2.9 y anteriores, lo que permite a los atacantes remotos redireccionar a los usuarios a sitios web arbitrarios y conducir ataques de phishing. El componente del archivo identification.php se ve afectado por este problema: el par\u00e1metro \"redirect\" no es comprobado."}], "lastModified": "2024-11-21T03:36:11.313", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:piwigo:piwigo:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1931608C-2835-4E94-AC78-CCBB6C9EC9E5", "versionEndIncluding": "2.9.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}