Description

Piwigo before 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. The attacker must be an administrator.

Remediation

References

CVE-2018-6883

Related Vulnerabilities

WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (8.0.05)

WordPress Plugin Titan Framework Cross-Site Scripting (1.7.5)

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5652)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-11586)

SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2024-38023)

Severity

Medium

Classification

CVE-2018-6883 CWE-138 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities