SQL Injection Vulnerability in Piwigo by Piwigo Team
CVE-2022-32297

7.5HIGH

Key Information:

Vendor

Piwigo

Status
Piwigo
Vendor
CVE Published:
14 July 2022

What is CVE-2022-32297?

Piwigo v12.2.0 presents a SQL injection vulnerability through its Search function, potentially allowing attackers to execute arbitrary SQL queries. This security flaw may lead to unauthorized access to sensitive data within the database, posing significant risks for administrators and users alike. It is essential to patch this vulnerability to safeguard against potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/sth276/research/blob/main/piwigo_vul/S...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.