This exploit demonstrates SQL injection, stored XSS, and CSRF vulnerabilities in Piwigo 2.1.2. It includes attack patterns and a functional CSRF HTML form to change the admin password.
Classification
Working Poc 90%
Attack Type
Sqli | Xss | Csrf
Complexity
Trivial
Reliability
Reliable
Target:Piwigo 2.1.2
Auth required
Prerequisites:Access to vulnerable Piwigo instance · Admin session for XSS exploitation