Description
The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database.
Remediation
References
Related Vulnerabilities
Apache HTTP Server Other Vulnerability (CVE-2004-1082)
WordPress Plugin Order Export & Order Import for WooCommerce Cross-Site Request Forgery (1.6.0)
WordPress Plugin Twitget Cross-Site Request Forgery (3.3.2)
MySQL CVE-2014-6496 Vulnerability (CVE-2014-6496)
WordPress Plugin Xhanch-My Twitter Cross-Site Request Forgery (2.7.6)