Описание
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.
Ссылки
- Third Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:piwigo:piwigo:2.9.2:*:*:*:*:*:*:*
EPSS
Процентиль: 56%
0.00331
Низкий
4.9 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 4.9
debian
около 8 лет назад
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injec ...
CVSS3: 4.9
github
больше 3 лет назад
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.
EPSS
Процентиль: 56%
0.00331
Низкий
4.9 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-89