Description

SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field.

Remediation

References

CVE-2014-4649

Related Vulnerabilities

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2079)

WordPress Plugin WP Data Access Security Bypass (5.1.3)

WordPress Plugin Ditty WordPress-Responsive Slider, List, and Ticker Display Unspecified Vulnerability (1.5.1)

MySQL CVE-2020-14828 Vulnerability (CVE-2020-14828)

Jenkins Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1999044)

Severity

Medium

Classification

CVE-2014-4649 CWE-138

Tags

Missing Update Known Vulnerabilities