Page 7 of 31 results (0.004 seconds)
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0
CVE-2014-4649
https://notcve.org/view.php?id=CVE-2014-4649
SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field. Vulnerabilidad de inyección SQL en el subsistema photo-edit en Piwigo 2.6.x y 2.7.x anterior a 2.7.0beta2 permite a administradores remotos autenticados ejecutar comandos SQL arbitrarios a través del campo associate[]. • http://piwigo.org/bugs/changelog_page.php http://piwigo.org/bugs/view.php?id=3089 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •