RSS   Vulnerabilities for 'Facetag'   RSS

2018-02-25
 
CVE-2017-9426

CWE-89
 

 
ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action.

 
 
CVE-2017-9425

CWE-79
 

 
The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action.

 


Copyright 2024, cxsecurity.com

 

Back to Top