CVE-2015-1517
Piwigo < 2.7.3 - Authenticated SQL Injection via Filter Level Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2015-1517. PoCs published by Sven Schleier.
AI-analyzed exploit summary This writeup describes a SQL injection vulnerability in Piwigo 2.7.3, where the 'filter_level' parameter in a POST request to the Batch Manager is vulnerable to boolean-based blind, error-based, and time-based SQL injection. The vulnerability allows authenticated users to execute arbitrary SQL queries.
Description
SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php.
Exploits (1)
This writeup describes a SQL injection vulnerability in Piwigo 2.7.3, where the 'filter_level' parameter in a POST request to the Batch Manager is vulnerable to boolean-based blind, error-based, and time-based SQL injection. The vulnerability allows authenticated users to execute arbitrary SQL queries.