CVE-2017-17822

Published
View on NVD ↗
CVSS v3
N/A
CVSS v2
4
MEDIUM
Affected
2
PROJECTS

Description

The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.

Piwigo/Piwigo
Piwigo/Piwigo
Manage your photos with Piwigo, a full featured open source photo gallery application for the web. Star us on Github! More than 200 plugins and themes available. Join us and contribute!
GitHubGitHub
3.8K
sahildhar/sahildhar.github.io
sahildhar/sahildhar.github.io
I share my vulnerability research findings and methodologies here :)
GitHubGitHub
1