Description
SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field.