CVE-2017-16893

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-16893

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16893.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-16893

Published

2017-12-01T17:29:00Z

Modified

2025-01-14T07:08:06.465735Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. tags.php is affected: values of the edit_list parameters are not sanitized; these are used to construct an SQL query and retrieve a list of registered users into the application.

References

https://github.com/Piwigo/Piwigo/issues/804

Affected packages

Git / github.com/piwigo/piwigo

Affected ranges

Type: GIT
Repo: https://github.com/piwigo/piwigo
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

045d98ab003c7e75d7f6b3f6a540cec63b916ce5

Affected versions

2.*

2.8.0

2.8.0RC1

2.8.0RC2

2.8.1

2.8.2

2.9.0

2.9.0RC1

2.9.0RC2

2.9.0beta1

2.9.0beta2

2.9.1

2.9.2