Web application abuses : Piwigo < 2.8.5 RFI Vulnerability

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.107116

Category: Web application abuses

Title: Piwigo < 2.8.5 RFI Vulnerability

Summary: Piwigo is prone to a remote file inclusion (RFI) vulnerability.

Description: Summary:
Piwigo is prone to a remote file inclusion (RFI) vulnerability.

Vulnerability Insight:
A remote file inclusion vulnerability allows remote attackers to
include arbitrary remote files and execute PHP code on the affected computer in the context of the webserver process.

Vulnerability Impact:
Successful exploitation may allow an attacker to obtain sensitive information,
which can lead to launching further attacks.

Affected Software/OS:
Piwigo prior to 2.8.5.

Solution:
Update to version 2.8.5 or later.

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-10084
BugTraq ID: 95164
http://www.securityfocus.com/bid/95164
Common Vulnerability Exposure (CVE) ID: CVE-2016-10085
BugTraq ID: 95167
http://www.securityfocus.com/bid/95167

Copyright Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.107116
Category:	Web application abuses
Title:	Piwigo < 2.8.5 RFI Vulnerability
Summary:	Piwigo is prone to a remote file inclusion (RFI) vulnerability.
Description:	Summary: Piwigo is prone to a remote file inclusion (RFI) vulnerability. Vulnerability Insight: A remote file inclusion vulnerability allows remote attackers to include arbitrary remote files and execute PHP code on the affected computer in the context of the webserver process. Vulnerability Impact: Successful exploitation may allow an attacker to obtain sensitive information, which can lead to launching further attacks. Affected Software/OS: Piwigo prior to 2.8.5. Solution: Update to version 2.8.5 or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-10084 BugTraq ID: 95164 http://www.securityfocus.com/bid/95164 Common Vulnerability Exposure (CVE) ID: CVE-2016-10085 BugTraq ID: 95167 http://www.securityfocus.com/bid/95167
Copyright	Copyright (C) 2016 Greenbone AG