Piwigo Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2018-6883 - Vulnerability Database

Piwigo

Piwigo Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2018-6883

Medium

Reference: CVE-2018-6883

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2018-6883

Title: Piwigo Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability

Overview:

Piwigo before 2.9.3 has SQL injection in admin/tags.php in the administration panel via the tags array parameter in an admin.phppagetags request. The attacker must be an administrator.