Description

Piwigo v11.5 was discovered to contain a SQL injection vulnerability via the parameter pwg_token in /admin/batch_manager_global.php.

Remediation

References

CVE-2021-40313

Related Vulnerabilities

Django CVE-2024-24680 Vulnerability (CVE-2024-24680)

WordPress Plugin Mobile blocks Security Bypass (1.0)

XWiki Improper Handling of Exceptional Conditions Vulnerability (CVE-2023-26479)

WordPress Plugin P3 (Plugin Performance Profiler) Cross-Site Scripting (1.5.3.8)

WordPress Plugin Commentator Cross-Site Scripting (2.5.2)

Severity

High

Classification

CVE-2021-40313 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities