Description

SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php.

Remediation

References

CVE-2015-1517

Related Vulnerabilities

MySQL CVE-2022-21427 Vulnerability (CVE-2022-21427)

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17307)

IBM RTC Cross-site Scripting (XSS) Vulnerability (CVE-2020-4697)

Nginx Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9511)

Joomla! Core 1.0.x Multiple Vulnerabilities (1.0.0 - 1.0.9)

Severity

Medium

Classification

CVE-2015-1517 CWE-138

Tags

Missing Update Known Vulnerabilities