Description Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function. Remediation References CVE-2023-34626 Related Vulnerabilities MODX Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2016-10037) Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-14642) WordPress Plugin User Role by BestWebSoft Cross-Site Scripting (1.5.5) WordPress Plugin BackWPup Remote and Local Code Execution (1.6.1) LimeSurvey Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-25019) Severity Medium Classification CVE-2023-34626 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Tags Missing Update Known Vulnerabilities