Vulnerability Details : CVE-2021-31783

show_default.php in the LocalFilesEditor extension before 11.4.0.1 for Piwigo allows Local File Inclusion because the file parameter is not validated with a proper regular-expression check.

Vulnerability category: File inclusion

Published 2021-04-26 19:15:09

Updated 2021-05-04 00:32:02

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2021-31783

Probability of exploitation activity in the next 30 days: 0.09%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 36 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-31783

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2021-31783

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Assigned by: [email protected] (Primary)

References for CVE-2021-31783

https://github.com/Piwigo/LocalFilesEditor/issues/2

Issue Tracking;Third Party Advisory
https://github.com/Piwigo/LocalFilesEditor/commit/dda691d3e45bfd166ac175c70bd8b91cb4917b6b

Patch;Third Party Advisory
https://piwigo.org/ext/index.php?cid=null

Release Notes;Third Party Advisory

Products affected by CVE-2021-31783

Piwigo » Localfiles Editor » For Piwigo
Versions before (<) 11.4.0.1
cpe:2.3:a:piwigo:localfiles_editor:*:*:*:*:*:piwigo:*:*
Matching versions