Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-33362)

Description

Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function.

Remediation

References

Related Vulnerabilities

WordPress Plugin Auto Featured Image Arbitrary File Upload (1.2)

WordPress Plugin Order XML File Export Import for WooCommerce Cross-Site Request Forgery (1.3.0)

MySQL CVE-2021-2193 Vulnerability (CVE-2021-2193)

WordPress Plugin YITH WooCommerce Product Add-Ons Security Bypass (1.5.21)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-42043)

Severity

Critical

Classification

CVE-2023-33362 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities