Description

Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function.

Remediation

References

CVE-2023-33362

Related Vulnerabilities

Atlassian Confluence Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-21672)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1570)

WordPress Plugin Recent Backups Arbitrary File Download (0.7)

WordPress Plugin My Calendar Multiple Cross-Site Scripting Vulnerabilities (1.10.1)

Ruby Resource Management Errors Vulnerability (CVE-2008-2664)

Severity

Critical

Classification

CVE-2023-33362 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities