Description Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function. Remediation References CVE-2023-33362 Related Vulnerabilities Nginx Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2014-3556) WordPress Plugin WooCommerce Upload Files Arbitrary File Upload (59.3) WordPress Plugin Global Flash Galleries Cross-Site Scripting (0.13.4) WordPress Plugin Add Comments Cross-Site Scripting (1.0.1) WordPress Plugin Carousel slideshow Arbitrary File Upload (3.11) Severity Critical Classification CVE-2023-33362 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities