CVE-2015-2035
CVE-2015-2035
SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://packetstormsecurity.com/files/130432/CMS-Piwigo-2.7.3-Cross-Site-Scripting-SQL-Injection.htmlhttp://piwigo.org/forum/viewtopic.php?id=25179http://piwigo.org/releases/2.7.4http://seclists.org/fulldisclosure/2015/Feb/73http://sroesemann.blogspot.de/2015/01/sroeadv-2015-06.htmlhttp://sroesemann.blogspot.de/2015/02/report-for-advisory-sroeadv-2015-06.htmlhttp://www.securityfocus.com/bid/72689