Posted by Steffen Rösemann on Feb 18
Advisory: Reflecting XSS- and SQL Injection vulnerability in CMS Piwigo <= v. 2.7.3
Advisory ID: SROEADV-2015-06
Author: Steffen Rösemann
Affected Software: CMS Piwigo <= v. 2.7.3 (Release date: 9th January 2015)
Vendor URL: http://piwigo.org
Vendor Status: patched
CVE-ID: –
==========================
Vulnerability Description:
==========================
Piwigo <= v. 2.7.3 suffers from a reflected XSS and a SQL injection in its…