← volver
CVE-2015-2035

CVE-2015-2035

EPSS 1.8%
SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://packetstormsecurity.com/files/130432/CMS-Piwigo-2.7.3-Cross-Site-Scripting-SQL-Injection.htmlhttp://piwigo.org/forum/viewtopic.php?id=25179http://piwigo.org/releases/2.7.4http://seclists.org/fulldisclosure/2015/Feb/73http://sroesemann.blogspot.de/2015/01/sroeadv-2015-06.htmlhttp://sroesemann.blogspot.de/2015/02/report-for-advisory-sroeadv-2015-06.htmlhttp://www.securityfocus.com/bid/72689