CVE-2014-9115 in Piwigo

Summary

SQL injection vulnerability in the rate_picture function in include/functions_rate.inc.php in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary SQL commands via the rate parameter to picture.php, related to an improper data type in a comparison of a non-numeric value that begins with a digit.


Responsible

Reservation

11/26/2014

Disclosure

12/23/2014

Entries

VDB-73352

CPE

ready

Exploit

Download

CVSS

7.3

EPSS

0.00579

Activities

Very Low

Sources
