3 matches found
Piwigo < 13.8.0 SQLi Vulnerability
Piwigo is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:piwigo:piwigo"; if...
CVE-2023-37270 Piwigo SQL Injection vulnerability in "User-Agent"
Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header User-Agent is vulnerable at the endpoint that records user information when logging in to the...
CVE-2023-37270
Summary: CVE-2023-37270 affects Piwigo prior to 13.8.0, with a SQL Injection in the administrator login flow where the User-Agent related query is vulnerable at the endpoint recording user information. The vulnerability can be exploited by an authenticated attacker (admin screen login with low pr...