SQL Injection in Piwigo Administration Panel via admin/tags.php

SQL Injection in Piwigo Administration Panel via admin/tags.php

CVE-2018-6883 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

Piwigo before 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. The attacker must be an administrator.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.