Hi Georgi,
As you suggested, this is a CSRF attack. Using such techniques to attack or
enumerate local applications has been known for some time and is a very
difficult issue to address. Browsers have done well in preventing malicious
_authenticated_ cross-site requests, but as you've found, at
=[ Tempest Security Intelligence - ADV-03/2023 ]==
Piwigo - Version 13.5.0
Author: Rodolfo Tavares
Tempest Security Intelligence - Recife, Pernambuco - Brazil
=[ Table of Contents]==
* Overview
* Detailed descript