Description

SQL injection vulnerability in comments.php in Piwigo before 2.0.3 allows remote attackers to execute arbitrary SQL commands via the items_number parameter.

Remediation

References

CVE-2009-2933

Related Vulnerabilities

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9700)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7882)

XWiki Exposure of Private Personal Information to an Unauthorized Actor Vulnerability (CVE-2022-24819)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-6145)

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-3455)

Severity

High

Classification

CVE-2009-2933 CWE-138

Tags

Missing Update Known Vulnerabilities