Description
SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php.
Remediation
References