Vulnerabilities > CVE-2020-9468 - Authorization Bypass Through User-Controlled Key vulnerability in Piwigo 2.9.0

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

piwigo

CWE-639

NVD

Published: 2020-03-26

Updated: 2021-07-21

Summary

The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter.

Vulnerable Configurations

Part	Description	Count
Application	Piwigo Piwigo Piwigo 2.9.0	1

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://github.com/plegall/Piwigo-community/issues/49
https://piwigo.org/ext/extension_view.php?eid=303