CVE-2017-9464

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-9464
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9464.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-9464
Published
2017-06-14T19:29:00.247Z
Modified
2026-04-10T04:02:23.845852Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The identification.php component is affected by this issue: the "redirect" parameter is not validated.

References

Affected packages

Git / github.com/piwigo/piwigo

Affected ranges

Type
GIT
Repo
https://github.com/piwigo/piwigo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a58d87e84fa98ac129f666d99cef4179a9dfcda1
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.9.0"
        }
    ]
}

Affected versions

2.*
2.8.0RC1
2.8.0RC2
2.9.0
2.9.0RC1
2.9.0RC2
2.9.0beta1
2.9.0beta2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9464.json"