Description
SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php.
References
- http://packetstormsecurity.com/files/130432/CMS-Piwigo-2.7.3-Cross-Site-Scripting-SQL-Injection.html (Exploit, Third Party Advisory, VDB Entry)
- Vendor Advisory
- Patch, Release Notes, Vendor Advisory
- Exploit, Mailing List, Third Party Advisory
- Not Applicable
- Not Applicable
Vulnerable configurations
Configuration 1: versions up to and including 2.7.3
cpe:2.3:a:piwigo:piwigo:*:*:*:*:*:*:*:*
EPSS
Percentile: 69%
0.00613
Low
6.5 Medium
CVSS2
Weaknesses
CWE-89
Related vulnerabilities
ubuntu
almost 11 years ago
SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php.
debian
almost 11 years ago
SQL injection vulnerability in the administrative backend in Piwigo be ...
github
more than 3 years ago
SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php.