Description
SQL injection vulnerability in the rate_picture function in include/functions_rate.inc.php in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary SQL commands via the rate parameter to picture.php. The flaw is an improper data type in a comparison: the submitted rating is validated against the list of allowed ratings with a loose comparison, so a non-numeric string that begins with a digit (for example a digit followed by SQL) compares equal to the numeric rating it starts with, passes validation unchanged, and reaches the SQL statement.
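The following is an added illustration of the comparison problem described above, not code from Piwigo. It assumes a hypothetical allow-list of ratings 0 to 5 in place of the real configuration and uses a constructed attacker value; the function names rate_allowed_loose, rate_allowed_strict, rate_allowed_cast and build_query are invented for the example.

```php
<?php
// Added example (not Piwigo's code): why a loose in_array() check lets a
// string that merely starts with a digit through, and two ways to close it.

// Assumed allow-list of valid ratings (hypothetical stand-in for the
// application's configured list of rating values).
$rate_items = array(0, 1, 2, 3, 4, 5);

// Constructed attacker input: a leading digit followed by SQL.
$attacker_rate = "1 OR 1=1";

// Vulnerable pattern: in_array() without the strict flag uses ==.
// On PHP 5.x/7.x, "1 OR 1=1" == 1 is true because the leading-numeric
// string is converted to the integer 1 before the comparison.
function rate_allowed_loose($rate, array $items)
{
    return in_array($rate, $items);
}

// Hardened pattern 1: strict comparison (===) compares type and value,
// so a string never matches an integer entry in the allow-list.
function rate_allowed_strict($rate, array $items)
{
    return in_array($rate, $items, true);
}

// Hardened pattern 2: accept only an all-digit string, then cast and
// check the integer strictly. This also rejects "1.0", " 1", "1e0".
function rate_allowed_cast($rate, array $items)
{
    if (!preg_match('/^\d+$/', (string) $rate)) {
        return false;
    }
    return in_array((int) $rate, $items, true);
}

// Illustration of the injection surface: a statement assembled by string
// concatenation from a value that only passed the loose check. A real fix
// should also bind the value as a parameter rather than concatenate it.
function build_query($image_id, $rate)
{
    return "INSERT INTO rate (element_id, rate) VALUES ($image_id, $rate)";
}

var_dump(rate_allowed_loose($attacker_rate, $rate_items));
var_dump(rate_allowed_strict($attacker_rate, $rate_items));
var_dump(rate_allowed_cast($attacker_rate, $rate_items));
var_dump(rate_allowed_cast("3", $rate_items));
echo build_query(42, $attacker_rate), "\n";
```

Run under PHP 5.x or 7.x, the loose check accepts the attacker string while both hardened checks reject it, and the assembled statement shows the attacker text spliced directly into the VALUES clause. PHP 8 changed number-to-string comparison so that a non-numeric string is compared as a string, which makes the loose check fail for this input, but relying on that is not a fix: strict validation of the type plus parameterised queries is what removes the injection regardless of the PHP version.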
Remediation
Upgrade to a fixed release: Piwigo 2.5.5 for the 2.5 branch, 2.6.4 for 2.6.x, or 2.7.2 for 2.7.x.
References
Related Vulnerabilities
Oracle JRE CVE-2013-2457 Vulnerability (CVE-2013-2457)
Prototype CVE-2020-27511 Vulnerability (CVE-2020-27511)
Joomla Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2018-11325)
WordPress Plugin WordPress Backup and Migrate-Backup Guard Cross-Site Scripting (1.1.46)
WordPress Plugin iThemes Security (formerly Better WP Security) Cross-Site Scripting (5.6.1)