CVE-2017-16893
CVE-2017-16893 is a vulnerability of currently unknown severity. The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. EPSS estimates a 1.40% chance of exploitation in the next 30 days.
Description
The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. tags.php is affected: values of the edit_list parameters are not sanitized; these are used to construct an SQL query and retrieve a list of registered users into the application.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Piwigo | Piwigo | <= 2.9.2 |
References
- https://github.com/Piwigo/Piwigo/issues/804 (Issue Tracking)
Source: NVD / NIST
