Description
SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php.
Remediation
References