CVE-2014-4649CVE-2014-4649

Affected configuration(s):

cpe:/a:piwigo:piwigo:2.6.0
cpe:/a:piwigo:piwigo:2.6.1
cpe:/a:piwigo:piwigo:2.6.2
cpe:/a:piwigo:piwigo:2.6.3
cpe:/a:piwigo:piwigo:2.7.0:beta1

Date published: 2014-06-28T11:55:08.240-04:00

Date last modified: 2014-06-30T18:10:07.200-04:00

CVSS Score: 6.5

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://piwigo.org/bugs/changelog_page.php

Summary: SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *