Description
SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php.
Remediation
References
Related Vulnerabilities
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4553)
WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.13)
WordPress Plugin Button Widget Smartsoft Cross-Site Request Forgery (1.0.1)
Apache HTTP Server Integer Overflow or Wraparound Vulnerability (CVE-2022-28615)
Squid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-10002)