Description

SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php.

Remediation

References

CVE-2015-2035

Related Vulnerabilities

YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-4107)

WordPress Plugin Affiliates Manager SQL Injection (2.8.6)

WebLogic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41183)

WordPress Plugin JSM file_get_contents() Shortcode Server-Side Request Forgery (2.7.0)

Drupal Core 6.x Denial of Service (6.0 - 6.32)

Severity

Medium

Classification

CVE-2015-2035 CWE-138

Tags

Missing Update Known Vulnerabilities