Description
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.
Remediation
References