Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-33362)

Description

Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function.

Remediation

References

Related Vulnerabilities

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-12872)

Microsoft SQL Server Other Vulnerability (CVE-2001-0344)

WordPress Plugin Poll, Survey, Form & Quiz Maker by OpinionStage Unspecified Vulnerability (15.0.0)

WordPress Plugin WPshop-eCommerce Arbitrary File Upload (1.3.9.5)

Claroline Other Vulnerability (CVE-2006-2868)

Severity

Critical

Classification

CVE-2023-33362 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities