3 matches found
Cross-site scripting
Cross-site scripting (XSS) vulnerability in admin/picturemodify.php in the photo-edit subsystem in Piwigo 2.6.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the associate field, a different vulnerability than CVE-2014-4649...
CVE-2014-4649
SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate field...
CVE-2014-4649
Piwigo contains a SQL injection vulnerability (CVE-2014-4649) in the photo-edit subsystem for versions 2.6.x and 2.7.x prior to 2.7.0beta2. The issue allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field. Affected software is Piwigo, with the root ...