10 matches found
Piwigo CVE-2023-26876 Gather Credentials via SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Piwigo CVE-2023-26876 Gather Credentials via SQL Injection ', 'Description' = %q This module allows an authenticated user to retrieve the usernam...
Metasploit Weekly Wrap up
It’s open season on Openfire with a new RCE module in Metasploit This week the Metasploit framework saw the addition of an RCE module which exploits path traversal vulnerability in the instant messaging and group chat server, Openfire. The module was submitted by the one and only community...
Piwigo CVE-2023-26876 Gather Credentials via SQL Injection
This module allows an authenticated user to retrieve the usernames and encrypted passwords of other users in Piwigo through SQL injection using the filteruserid parameter. Module Options msf use auxiliary/gather/piwigocve202326876 msf auxiliarypiwigocve202326876 show actions ...actions... msf...
Piwigo 13.5.0 SQL Injection Vulnerability
Piwigo - Version 13.5.0 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeline of disclosure Thanks & Acknowledgments References ===== Vulnerability...
Piwigo 13.5.0 SQL Injection
===== Tempest Security Intelligence - ADV-03/2023 ========================== Piwigo - Version 13.5.0 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeline...
CVE-2023-26876
creationtimestamp| type| source ---|---|--- 2023-04-21 18:31:57+00:00| seen| https://t.me/cibsecurity/62616 2023-07-19 01:26:47+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/piwigocve202326876.rb 2025-02-06 03:13:45+00:00| seen|...
CVE-2023-26876
SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filteruserid parameter to the admin.php?page=history&filterimageid=&filteruserid endpoint...
CVE-2023-26876
SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filteruserid parameter to the admin.php?page=history&filterimageid=&filteruserid endpoint...
CVE-2023-26876
SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filteruserid parameter to the admin.php?page=history&filterimageid=&filteruserid endpoint...
CVE-2023-26876
CVE-2023-26876 affects Piwigo up to version 13.5.0. The vulnerability is a SQL injection in the parameter filter_user_id passed to the endpoint admin.php?page=history&filter_image_id=&filter_user_id, enabling an attacker to manipulate the SQL query. Some connected sources note the issue can allow...