Lucene search
K

10 matches found

packetstorm
packetstorm
added 2024/08/31 12:0 a.m.296 views

Piwigo CVE-2023-26876 Gather Credentials via SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Piwigo CVE-2023-26876 Gather Credentials via SQL Injection ', 'Description' = %q This module allows an authenticated user to retrieve the usernam...

8.8CVSS7AI score0.09725EPSS
Exploits5
rapid7blog
rapid7blog
added 2023/07/21 6:8 p.m.46 views

Metasploit Weekly Wrap up

It’s open season on Openfire with a new RCE module in Metasploit This week the Metasploit framework saw the addition of an RCE module which exploits path traversal vulnerability in the instant messaging and group chat server, Openfire. The module was submitted by the one and only community...

6.5CVSS9.1AI score0.99999EPSS
Exploits20
metasploit
metasploit
added 2023/07/19 7:50 p.m.408 views

Piwigo CVE-2023-26876 Gather Credentials via SQL Injection

This module allows an authenticated user to retrieve the usernames and encrypted passwords of other users in Piwigo through SQL injection using the filteruserid parameter. Module Options msf use auxiliary/gather/piwigocve202326876 msf auxiliarypiwigocve202326876 show actions ...actions... msf...

8.8CVSS8.9AI score0.09725EPSS
Exploits5
zdt
zdt
added 2023/04/28 12:0 a.m.408 views

Piwigo 13.5.0 SQL Injection Vulnerability

Piwigo - Version 13.5.0 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeline of disclosure Thanks & Acknowledgments References ===== Vulnerability...

8.8CVSS8.7AI score0.09725EPSS
Exploits5
packetstorm
packetstorm
added 2023/04/28 12:0 a.m.374 views

Piwigo 13.5.0 SQL Injection

===== Tempest Security Intelligence - ADV-03/2023 ========================== Piwigo - Version 13.5.0 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeline...

8.8CVSS6.9AI score0.09725EPSS
Exploits5
circl
circl
added 2023/04/21 6:31 p.m.24 views

CVE-2023-26876

creationtimestamp| type| source ---|---|--- 2023-04-21 18:31:57+00:00| seen| https://t.me/cibsecurity/62616 2023-07-19 01:26:47+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/piwigocve202326876.rb 2025-02-06 03:13:45+00:00| seen|...

8.8CVSS8.1AI score0.09725EPSS
Exploits5References2
osv
osv
added 2023/04/21 12:0 a.m.26 views

CVE-2023-26876

SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filteruserid parameter to the admin.php?page=history&filterimageid=&filteruserid endpoint...

8.8CVSS9.2AI score0.09725EPSS
Exploits5References7
cvelist
cvelist
added 2023/04/21 12:0 a.m.50 views

CVE-2023-26876

SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filteruserid parameter to the admin.php?page=history&filterimageid=&filteruserid endpoint...

9.2AI score0.09725EPSS
Exploits5References5
vulnrichment
vulnrichment
added 2023/04/21 12:0 a.m.5 views

CVE-2023-26876

SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filteruserid parameter to the admin.php?page=history&filterimageid=&filteruserid endpoint...

9AI score0.09725EPSS
Exploits5References5
cve
cve
added 2023/04/21 12:0 a.m.78 views

CVE-2023-26876

CVE-2023-26876 affects Piwigo up to version 13.5.0. The vulnerability is a SQL injection in the parameter filter_user_id passed to the endpoint admin.php?page=history&filter_image_id=&filter_user_id, enabling an attacker to manipulate the SQL query. Some connected sources note the issue can allow...

8.8CVSS8.9AI score0.09725EPSS
Exploits5References5Affected Software1
Rows per page
Query Builder