Description

SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php.

Remediation

References

CVE-2015-2035

Related Vulnerabilities

PostgreSQL CVE-2023-5868 Vulnerability (CVE-2023-5868)

Squid Out-of-bounds Read Vulnerability (CVE-2021-28116)

MySQL CVE-2016-0657 Vulnerability (CVE-2016-0657)

WordPress Plugin WP Reset-Most Advanced WordPress Reset Tool Cross-Site Scripting (1.86)

WebLogic CVE-2022-21560 Vulnerability (CVE-2022-21560)

Severity

Medium

Classification

CVE-2015-2035 CWE-138

Tags

Missing Update Known Vulnerabilities