CVE-2017-17824

Published
View on NVD ↗
CVSS v3
N/A
CVSS v2
4
MEDIUM
Affected
2
PROJECTS

Description

The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database.

Piwigo/Piwigo
Piwigo/Piwigo
Manage your photos with Piwigo, a full featured open source photo gallery application for the web. Star us on Github! More than 200 plugins and themes available. Join us and contribute!
GitHubGitHub
3.8K
sahildhar/sahildhar.github.io
sahildhar/sahildhar.github.io
I share my vulnerability research findings and methodologies here :)
GitHubGitHub
1