Description

SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php.

Remediation

References

CVE-2017-10682

Related Vulnerabilities

Perl Out-of-bounds Read Vulnerability (CVE-2015-8608)

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.28)

WordPress Plugin HUSKY-Products Filter Professional for WooCommerce Multiple Vulnerabilities (1.1.4.2)

WordPress Plugin Easy2Map Multiple SQL Injection Vulnerabilities (1.2.4)

PHP Cryptographic Issues Vulnerability (CVE-2011-3189)

Severity

Critical

Classification

CVE-2017-10682 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities