CVE-2014-4614
Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the (1) pwg.groups.addUser, (2) pwg.groups.deleteUser, (3) pwg.groups.setInfo, (4) pwg.users.setInfo, (5) pwg.permissions.add, or (6) pwg.permissions.remove method.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.0018 (0.2%)
Percentile: 38.6%
EPSS: 2026-05-06
Affects
piwigo:piwigoTechnical description
Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the (1) pwg.groups.addUser, (2) pwg.groups.deleteUser, (3) pwg.groups.setInfo, (4) pwg.users.setInfo, (5) pwg.permissions.add, or (6) pwg.permissions.remove method.
Published: 7/2/2014, 8:55:06 PM
Last modified: 5/6/2026, 10:30:45 PM