Description

SQL injection vulnerability in the rate_picture function in include/functions_rate.inc.php in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary SQL commands via the rate parameter to picture.php, related to an improper data type in a comparison of a non-numeric value that begins with a digit.

Remediation

References

CVE-2014-9115

Related Vulnerabilities

WordPress Plugin WP Fusion Lite-Marketing Automation for WordPress Multiple Vulnerabilities (3.37.18)

Moodle Improper Input Validation Vulnerability (CVE-2020-1756)

WordPress Plugin Forms:3rd-Party Inject Results Cross-Site Scripting (0.2)

WordPress Plugin Download Manager Cross-Site Scripting (3.2.42)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-2788)

Severity

High

Classification

CVE-2014-9115 CWE-138

Tags

Missing Update Known Vulnerabilities