CVE-2017-10682

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-10682
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-10682.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-10682
Published
2017-06-29T21:29:00Z
Modified
2025-01-08T10:08:16.834603Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the catfalse or cattrue parameter in the comments or status page to cat_options.php.

References

Affected packages

Git / github.com/piwigo/piwigo

Affected ranges

Type
GIT
Repo
https://github.com/piwigo/piwigo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

2.*

2.8.0
2.8.0RC1
2.8.0RC2
2.8.1
2.8.2
2.9.0RC1
2.9.0RC2
2.9.0beta1
2.9.0beta2