SQL injection vulnerability in the rate_picture function in include/functions_rate.inc.php in Piwigo prior to 2.5.5, 2.6.x prior to 2.6.4, and 2.7.x prior to 2.7.2 allows remote malicious users to execute arbitrary SQL commands via the rate parameter to picture.php, related to an improper data type in a comparison of a non-numeric value that begins with a digit.
Vulnerable Product |
---|
piwigo piwigo 2.6.2 |
piwigo piwigo 2.7.0 |
piwigo piwigo 2.7.1 |
piwigo piwigo |
piwigo piwigo 2.6.0 |
piwigo piwigo 2.6.1 |
piwigo piwigo 2.6.3 |
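
The data-type problem named in the description, shown as an added example that is not Piwigo's code: a loose allow-list check next to a strict one. `RATE_ITEMS`, `rate_is_allowed_loose`, `parse_rate` and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list of rating values (constructed for this example).
const RATE_ITEMS = [0, 1, 2, 3, 4, 5];

// Weak form: in_array() without its third argument compares loosely (==).
// Before PHP 8.0 a string that begins with a digit, such as "3 trailing text",
// is converted to the integer 3 for that comparison and passes the check,
// while the caller still holds the original, unconverted string.
function rate_is_allowed_loose(string $rate): bool
{
    return in_array($rate, RATE_ITEMS);
}

// Hardened form: accept digits only, convert once, compare strictly, and
// return the integer so later code never touches the raw request value.
function parse_rate(string $rate): ?int
{
    if (preg_match('/\A[0-9]+\z/', $rate) !== 1) {
        return null;
    }
    $value = (int) $rate;
    return in_array($value, RATE_ITEMS, true) ? $value : null;
}

// Constructed sample inputs: a valid rating, a digit-led non-numeric string,
// an out-of-range number and an empty value.
foreach (['4', '3 trailing text', '9', ''] as $input) {
    $parsed = parse_rate($input);
    printf(
        "%-18s loose=%-5s strict=%s\n",
        var_export($input, true),
        var_export(rate_is_allowed_loose($input), true),
        var_export($parsed, true)
    );
}
```

Only the integer returned by `parse_rate` should reach the query, preferably as a bound parameter of a prepared statement.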