Description
SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field.
Remediation
References