CVE-2017-17824
- Source
- https://cve.org/CVERecord?id=CVE-2017-17824
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-17824.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-17824
- Published
- 2017-12-21T04:29:00.353Z
- Modified
- 2026-02-24T11:21:08.362944Z
- Severity
-
- 4.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batchmanagerunit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database.
- References
-
- https://github.com/Piwigo/Piwigo/commit/f7c8e0a947a857ff5d31dafd03842df41959b84c
- https://github.com/Piwigo/Piwigo/issues/825
- https://github.com/sahildhar/sahildhar.github.io/blob/master/research/reports/Piwigo_2.9.2/Multiple%20SQL%20Injection%20Vulnerabilities%20in%20Piwigo%202.9.2.md
- https://github.com/Piwigo/Piwigo/commit/f7c8e0a947a857ff5d31dafd03842df41959b84c
- https://github.com/sahildhar/sahildhar.github.io/blob/master/research/reports/Piwigo_2.9.2/Multiple%20SQL%20Injection%20Vulnerabilities%20in%20Piwigo%202.9.2.md