CVE-2017-10682
9.8 Critical
Published:
Last updated:
Source: cve@mitre.org
Modified
Weakness (CWE)
CVSS Vector
v3.0
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Description
SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php.
Exploits
43337 | 2017-12-14 | webapps | PHP
Piwigo 2.9.1 - 'cat_true' / 'cat_false' SQL Injection
By Akityo
References
cve@mitre.org
- http://www.securityfocus.com/bid/99357
- https://github.com/Piwigo/Piwigo/issues/724
- https://www.exploit-db.com/exploits/43337/
af854a3a-2127-422b-91ae-364da2661108
- http://www.securityfocus.com/bid/99357
- https://github.com/Piwigo/Piwigo/commit/3dd6812412289a199564e63fffd0a9754010b9e0
- https://github.com/Piwigo/Piwigo/issues/724
- https://www.exploit-db.com/exploits/43337/