The advisory details a reflected XSS vulnerability in the 'page' parameter of admin.php and a SQL injection vulnerability in the 'user' parameter of the history functionality in Piwigo CMS <= v. 2.7.3. It includes exploit examples and technical details but does not provide functional exploit code.
Classification
Writeup 100%
Attack Type
XSS | SQLi
Complexity
Trivial
Reliability
Reliable
Target: Piwigo CMS <= v. 2.7.3
Auth required
Prerequisites: Access to the administrative backend · Valid session cookies