Skip to content

SQL injection in group_list.php #1009

Closed
@zongdeiqianxing

Description

An SQL injection has been discovered in the administration panel of Piwigo v2.9.5. The vulnerability allows remote attackers that are authenticated as administrator to inject SQL code into a query and display. This could result in full information disclosure.

The vulnerability was found in the 'delete' method in admin/group_list.php, because it does not validate and filter the '$group' parameter when it gets the parameters. And the vulnerability could query any data in the database and display it on the page.

In the figure, I obtained the encrypted password of the user table.
2
3

Metadata

Assignees

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions