WEB APPLICATION VULNERABILITIES Standard & Premium

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-19213)

Description

SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the selection parameter to move_categories.

Remediation

References

Related Vulnerabilities

WordPress 4.1.x Prototype Pollution (4.1 - 4.1.34)

WordPress Plugin URL Cloak & Encrypt Cross-Site Scripting (2.0)

phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-5504)

WordPress Plugin SyntaxHighlighter Evolved Cross-Site Scripting (3.1.9)

WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk Cross-Site Scripting (5.21)

Severity

Critical

Classification

CVE-2020-19213 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities