Description

SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=group_perm.

Remediation

References

CVE-2020-19216

Related Vulnerabilities

Envoy Wrong DOWNSTREAM_REMOTE_ADDRESS logged Issue (CVE-2020-35470)

WordPress Plugin Image Gallery-Responsive Photo Gallery Multiple Unspecified Vulnerabilities (1.9.58)

WordPress Plugin WP SimpleMail Multiple Cross-Site Scripting Vulnerabilities (1.0.6)

Oracle JRE CVE-2013-5788 Vulnerability (CVE-2013-5788)

WordPress 3.1 Multiple Vulnerabilities (0.7 - 3.1)

Severity

High

Classification

CVE-2020-19216 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities