Cross-site request forgery (CSRF) vulnerability in the
administration panel in Piwigo before 2.6.2 allows remote attackers
to hijack the authentication of administrators for requests that
add users via a pwg.users.add action in a request to ws.php.
(CVSS:4.3) (Last Update:2018-04-09)