Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. The permalink ID numbers are easily guessed.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-06-29T21:00:00

Updated: 2024-08-05T17:41:55.552Z

Reserved: 2017-06-29T00:00:00

Link: CVE-2017-10679

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-06-29T21:29:00.237

Modified: 2024-11-21T03:06:16.933

Link: CVE-2017-10679

cve-icon Redhat

No data.