Description
SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php.
Remediation
References