SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages.
References
| Link | Resource |
|---|---|
| http://packetstormsecurity.com/files/162404/Piwigo-11.3.0-SQL-Injection.html | Exploit Third Party Advisory VDB Entry |
| https://github.com/Piwigo/Piwigo/issues/1352 | Exploit Patch Third Party Advisory |
Configurations
History
30 Apr 2021, 23:40
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) http://packetstormsecurity.com/files/162404/Piwigo-11.3.0-SQL-Injection.html - Exploit, Third Party Advisory, VDB Entry |
30 Apr 2021, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
08 Apr 2021, 03:13
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 7.2 |
| CPE | cpe:2.3:a:piwigo:piwigo:*:*:*:*:*:*:*:* | |
| CWE | CWE-89 | |
| References | (MISC) https://github.com/Piwigo/Piwigo/issues/1352 - Exploit, Patch, Third Party Advisory |
02 Apr 2021, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-04-02 19:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-27973
Mitre link : CVE-2021-27973
CVE.ORG link : CVE-2021-27973
JSON object : View
Products Affected
piwigo
- piwigo
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')