PT-2014-6046 · Piwigo · Piwigo
Published
2014-06-28
·
Updated
2014-06-30
·
CVE-2014-4649
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Piwigo versions 2.6.x through 2.7.x before 2.7.0beta2
Description
The issue allows remote authenticated administrators to execute arbitrary SQL commands. This is achieved via the
associate[] field in the photo-edit subsystem.Recommendations
For versions 2.6.x through 2.7.x before 2.7.0beta2, update to version 2.7.0beta2 or later to resolve the issue.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Piwigo