Description
SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Statistics Cross-Site Scripting (12.6.5)
Drupal Core 6.x Multiple Cross-Site Scripting Vulnerabilities (6.0)
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4198)
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-7859)