Vulnerability CVE-2015-1517


Published: 2015-02-20   Modified: 2015-02-23

Description:
SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Piwigo 2.7.3 SQL Injection
Sven Schleier
19.02.2015

Type:

CWE-89

(Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

Vendor: Piwigo
Product: Piwigo 
Version: 2.7.3;

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6/10
6.4/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://piwigo.org/releases/2.7.4
http://www.securityfocus.com/bid/72664
http://www.securityfocus.com/archive/1/archive/1/534723/100/0/threaded
http://piwigo.org/forum/viewtopic.php?id=25179
http://packetstormsecurity.com/files/130440/Piwigo-2.7.3-SQL-Injection.html

Related CVE
CVE-2016-10514
url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substrin...
CVE-2016-10513
Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functions_search.inc.php.
CVE-2017-10680
Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted request.
CVE-2017-10681
Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request.
CVE-2017-10682
SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php.
CVE-2017-10679
Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. The permalink ID number...
CVE-2017-10678
Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to delete permalinks via a crafted request.
CVE-2017-9837
The ws_session_logout function in Piwigo 2.9.1 and earlier does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse.

Copyright 2017, cxsecurity.com

 

Back to Top