SQL Injection Vulnerability in Piwigo before 2.7.4 Allows Remote Authenticated Users to Execute Arbitrary SQL Commands

SQL Injection Vulnerability in Piwigo before 2.7.4 Allows Remote Authenticated Users to Execute Arbitrary SQL Commands

CVE-2015-1517 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php.

Learn more about our User Device Pen Test.