Description
SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php.
Remediation
References
Related Vulnerabilities
MediaWiki CVE-2021-30159 Vulnerability (CVE-2021-30159)
OpenVPN AS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-9104)
WordPress Plugin April's Super Functions Pack Cross-Site Scripting (1.4.7)
WordPress Other Vulnerability (CVE-2006-0986)
WordPress Plugin Compact WP Audio Player Cross-Site Scripting (1.9.7)