Description

SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9.5, via the filter_category parameter to admin.php?page=batch_manager.

Remediation

References

CVE-2020-19217

Related Vulnerabilities

WordPress Plugin Import any XML or CSV File to WordPress Arbitrary File Upload (3.2.3)

WordPress Plugin AccessPress Social Icons Multiple SQL Injection Vulnerabilities (1.6.6)

WordPress Plugin Search Types Custom Fields Widget Unspecified Vulnerability (1.3)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4630)

ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-22875)

Severity

High

Classification

CVE-2020-19217 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities