CVE-2022-48007 in Piwigo

Summary

by MITRE • 01/27/2023

A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent.


Analysis

by VulDB Data Team • 03/28/2025

The stored cross-site scripting vulnerability identified as CVE-2022-48007 exists in the identification.php component of Piwigo version 13.4.0. It is a critical flaw that lets an attacker persistently inject script into the application's user interface. It arises because the application does not sanitize or encode input taken from the User-Agent HTTP header before rendering it, so a persistent XSS payload can affect every user who interacts with the compromised system. The flaw falls under CWE-79, which covers cross-site scripting weaknesses, and aligns with ATT&CK technique T1531, which focuses on tampering with application code and data. Its persistence follows directly from the missing input validation and output encoding: the payload is stored and then executed each time a legitimate user loads the affected page.

Exploitation works as follows: an attacker sends a request to the identification.php endpoint with a User-Agent string that contains embedded JavaScript or HTML. Because the application does not sanitize this value before rendering it, the payload is stored permanently in the application's data. When other users later view the affected pages or use the application's authentication interface, their browsers execute the stored script, which can lead to session hijacking, credential theft, or redirection to malicious websites. The User-Agent header is an effective vector because many web applications, particularly those with weak input sanitization, display this header value in user-facing pages without HTML-encoding it.

The operational impact of CVE-2022-48007 goes beyond simple script execution: it gives attackers persistent access to user sessions and potentially to sensitive data within the Piwigo gallery. An attacker can steal authentication cookies, modify user permissions, or gain unauthorized access to private photo galleries and their metadata. Because the vulnerability is stored, the payload stays active after a successful attack until it is removed from the application's database, so every user who encounters the compromised interface remains at risk. Attackers can use this weakness to establish long-term persistence in the system and as a foothold for further attacks against the surrounding network. The severity is amplified because exploitation requires no user interaction beyond normal browsing, which is particularly dangerous where users access the gallery from many devices or networks.

Mitigation for CVE-2022-48007 starts with updating the application to a version that fixes the XSS vulnerability in identification.php. Administrators must ensure that all user-supplied data, HTTP headers included, is validated on input and HTML-encoded on output before it is rendered in a web interface. A Content Security Policy (CSP) header adds a further layer of protection by restricting the sources from which scripts may be loaded and executed. Regular security audits should test every application component for correct input validation and output encoding, with particular attention to HTTP headers the application processes. Organizations should also consider web application firewalls and intrusion detection systems that monitor for suspicious User-Agent patterns indicating exploitation attempts. Remediation must include cleaning the database of any stored payloads and educating users about XSS attack vectors. Finally, logging and monitoring of authentication attempts and header processing helps detect and respond to exploitation, in line with security frameworks such as the NIST SP 800-53 controls for application security.
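The output-encoding, storage and CSP measures described above, as an added PHP example that is not Piwigo's own code; the function names, the `sessions` table and its columns are hypothetical:

```php
<?php
// Added example, not Piwigo's code: how a User-Agent value would be
// stored and rendered safely. Function and table names are hypothetical.
declare(strict_types=1);

// Vulnerable pattern, kept only for contrast: the raw header is
// concatenated into HTML, so any markup in it is rendered by the browser.
function render_ua_vulnerable(string $userAgent): string
{
    return '<td>' . $userAgent . '</td>';
}

// Hardened rendering: encode at output time. ENT_QUOTES also covers attribute
// contexts; ENT_SUBSTITUTE keeps invalid UTF-8 from emptying the output.
function render_ua_safe(string $userAgent): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    return '<td>' . htmlspecialchars($userAgent, $flags, 'UTF-8') . '</td>';
}

// Normalisation at storage time: drop control characters and cap the
// length. This limits abuse but does not replace output encoding.
function normalize_ua_for_storage(string $userAgent, int $maxLen = 255): string
{
    $clean = preg_replace('/[\x00-\x1F\x7F]/', '', $userAgent) ?? '';
    return mb_substr($clean, 0, $maxLen, 'UTF-8');
}

// Parameterised insert: the header is bound as data, never spliced into SQL.
function store_user_agent(PDO $pdo, int $userId, string $userAgent): void
{
    $stmt = $pdo->prepare('INSERT INTO sessions (user_id, user_agent) VALUES (:uid, :ua)');
    $stmt->execute([':uid' => $userId, ':ua' => normalize_ua_for_storage($userAgent)]);
}

// Defence in depth: with this CSP, an inline script that slipped past
// encoding is still refused by the browser.
function send_csp_header(): void
{
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'");
}

// Constructed sample header (not a captured one) containing HTML markup.
$sample = "Mozilla/5.0 <script>alert('xss')</script>";
echo render_ua_vulnerable($sample), PHP_EOL;
echo render_ua_safe($sample), PHP_EOL;
```

Running the script shows the markup intact in the first line and entity-encoded in the second; `send_csp_header()` must be called before any output is sent.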

Reservation

12/29/2022

Disclosure

01/27/2023

Moderation

accepted

CPE

ready

EPSS

0.00419

KEV

no

Activities

very low
