Description
SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field.
Remediation
References