Vulnerability Description
url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Piwigo | Piwigo | <= 2.8.2 |
Related Weaknesses (CWE)
References
- http://piwigo.org/releases/2.8.3PatchRelease NotesVendor Advisory
- https://github.com/Piwigo/Piwigo/commit/b3157cbfd859c914911b114d4edbba4654758b57Issue TrackingPatchThird Party Advisory
- https://github.com/Piwigo/Piwigo/issues/547Issue TrackingPatchThird Party Advisory
- http://piwigo.org/releases/2.8.3PatchRelease NotesVendor Advisory
- https://github.com/Piwigo/Piwigo/commit/b3157cbfd859c914911b114d4edbba4654758b57Issue TrackingPatchThird Party Advisory
- https://github.com/Piwigo/Piwigo/issues/547Issue TrackingPatchThird Party Advisory
FAQ
What is CVE-2016-10514?
CVE-2016-10514 is a vulnerability with a CVSS score of 6.5 (MEDIUM). url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a sub...
How severe is CVE-2016-10514?
CVE-2016-10514 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-10514?
Check the references section above for vendor advisories and patch information. Affected products include: Piwigo Piwigo.