Vulnerability CVE-2015-1517


Published: 2015-02-20

Description:
SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Piwigo 2.7.3 SQL Injection
Sven Schleier
19.02.2015

Type:

CWE-89

(Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

Vendor: Piwigo
Product: Piwigo 
Version: 2.7.3;

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6/10
6.4/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://piwigo.org/releases/2.7.4
http://www.securityfocus.com/bid/72664
http://www.securityfocus.com/archive/1/archive/1/534723/100/0/threaded
http://piwigo.org/forum/viewtopic.php?id=25179
http://packetstormsecurity.com/files/130440/Piwigo-2.7.3-SQL-Injection.html

Related CVE
CVE-2017-17827
Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions.
CVE-2017-17826
The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.php?page=configuration&section=main request. An attacker can exploit this to hijack a client's browser along with...
CVE-2017-17825
The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the da...
CVE-2017-17824
The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database.
CVE-2017-17823
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.
CVE-2017-17822
The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.
CVE-2017-17775
Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request.
CVE-2017-17774
admin/configuration.php in Piwigo 2.9.2 has CSRF.

Copyright 2018, cxsecurity.com

 

Back to Top