3 matches found
Piwigo 2.9.1 SQL Injection
Exploit Title: Piwigo = 2.9.1 - 'cat_true'/'cat_false' SQL Injection
Dork: N/A
Date: 12.12.2017
Vendor Homepage: http://piwigo.org/
Software Link: http://piwigo.org/basics/downloads
Version: = 2.9.1
Category: Webapps
Tested on: WiN7x64/WIN10X64
CVE: CVE-2017-10682
Exploit Author: Akityo
Email:...
CVE-2017-10682
SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php...
CVE-2017-10682
CVE-2017-10682 affects Piwigo up to version 2.9.1, with an SQL injection in the administrative backend. The vulnerability allows remote attackers to execute arbitrary SQL commands via the cat_true or cat_false parameter used in the comments/status page to cat_options.php. Affected component: admi...