Description

SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filter_user_id parameter to the admin.php?page=history&filter_image_id=&filter_user_id endpoint.

Remediation

References

CVE-2023-26876

Related Vulnerabilities

WordPress Plugin WPE Indoshipping Multiple Remote File Inclusion Vulnerabilities (2.5.0)

WordPress Plugin MasterStudy LMS-for Online Courses and Education Privilege Escalation (3.3.1)

Joomla CVE-2012-0819 Vulnerability (CVE-2012-0819)

PHP Improper Input Validation Vulnerability (CVE-2015-4148)

WordPress Plugin Welcart e-Commerce PHP Object Injection (1.9.3)

Severity

High

Classification

CVE-2023-26876 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities