SQL injection vulnerability in Piwigo prior to 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
piwigo piwigo |