PT-2021-17700 · Piwigo · Piwigo

1Fe1Seo

Published

2021-04-02

Updated

2021-04-30

CVE-2021-27973

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Piwigo versions prior to 11.4.0

Description: A SQL injection issue exists via the language parameter to the "admin.php?page=languages" API endpoint.

Recommendations: For versions prior to 11.4.0, update to version 11.4.0 or later to resolve the issue.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

CVE-2021-27973

Piwigo