Home > Vulnerability Database > CVE-2016-10514

Mend.io Vulnerability Database

CVE-2016-10514

Good to know:

Date: October 10, 2017

url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring.

Language: PHP

Severity Score

6.5

Related Resources (5)

Url: https://github.com/Piwigo/Piwigo/issues/547

Url: https://nvd.nist.gov/vuln/detail/CVE-2016-10514

Url: https://github.com/Piwigo/Piwigo/commit/b3157cbfd859c914911b114d4edbba4654758b57

Url: http://piwigo.org/releases/2.8.3

Url: https://www.mend.io/vulnerability-database/CVE-2016-10514

Severity Score

6.5

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version 2.8.3

Learn More

CVSS v3

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2016-10514

Good to know:

Date: October 10, 2017

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?