CVE-2017-17822

Опубликовано: 21 дек. 2017

Источник: nvd

CVSS3: 4.9

CVSS2: 4

EPSS Низкий

Описание

The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.

Ссылки

https://github.com/Piwigo/Piwigo/commit/33a03e9afb8fb00c9d8f480424d549311fe03d40
Third Party Advisory
https://github.com/Piwigo/Piwigo/issues/823
Third Party Advisory
https://github.com/sahildhar/sahildhar.github.io/blob/master/research/reports/Piwigo_2.9.2/Multiple%20SQL%20Injection%20Vulnerabilities%20in%20Piwigo%202.9.2.md
Third Party Advisory
https://github.com/Piwigo/Piwigo/commit/33a03e9afb8fb00c9d8f480424d549311fe03d40
Third Party Advisory
https://github.com/Piwigo/Piwigo/issues/823
Third Party Advisory
https://github.com/sahildhar/sahildhar.github.io/blob/master/research/reports/Piwigo_2.9.2/Multiple%20SQL%20Injection%20Vulnerabilities%20in%20Piwigo%202.9.2.md
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:piwigo:piwigo:2.9.2:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00303

Низкий

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

CVE-2017-17822

CVSS3: 4.9

debian

около 8 лет назад

The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via ...

GHSA-35mg-p597-mvg8

CVSS3: 4.9

github

больше 3 лет назад

EPSS

Процентиль: 53%

0.00303

Низкий

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-89