Description
SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php.
Remediation
References