SQL Injection Vulnerability in Piwigo by Piwigo Team
CVE-2023-34626

4.3MEDIUM

Key Information:

Vendor: Piwigo
Status: Piwigo
Vendor: CVE Published:; 15 June 2023

What is CVE-2023-34626?

Piwigo 13.7.0 is susceptible to an SQL Injection vulnerability that arises during the execution of operations within the 'Users' function. Attackers can exploit this flaw to manipulate SQL queries, potentially leading to unauthorized access to sensitive data or disruption of service. Web application developers and users must be aware of this vulnerability and take immediate actions to mitigate risks associated with this issue. For detailed insights, visit the referenced issue on GitHub.

References

https://github.com/Piwigo/Piwigo/issues/1924

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2023
Vulnerability Reserved
Jun 7, 2023