Security for everyone

CVE-2023-37270 Scanner

Detects the 'SQL Injection' vulnerability in Piwigo that affects versions prior to 13.8.0.


Short Info

Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Domain, Ipv4
Toolbox: -

Piwigo is a popular open-source photo gallery software that allows users to securely store and organize their photos online. It is widely used by individuals, photographers, and businesses alike to keep their photos safe and organized. With its user-friendly interface and intuitive design, Piwigo has become the go-to choice for many who want an easy-to-use yet robust photo gallery software.

CVE-2023-37270 is a SQL Injection vulnerability in Piwigo prior to version 13.8.0. It occurs in the login process for the administrator screen: at the endpoint that records user information during login, the SQL statement that takes in the HTTP 'User-Agent' header is injectable. Because that header is supplied by the client, this gives attackers an opportunity to execute arbitrary SQL statements.

Exploiting this vulnerability allows attackers to execute any SQL statement, which may leak confidential information from the database. This can lead to a variety of risks, such as data breaches and identity theft. Attackers can steal, modify, or corrupt sensitive information from the affected database, which can have severe consequences for the organization or individual.
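The login-time recording of the 'User-Agent' header described above can be illustrated with an added example; it is not Piwigo's code and not part of the original page. The table name, function names and sample headers are hypothetical, and SQLite stands in for the real database. It places the flawed pattern (header text pasted into the SQL statement) beside the corrected one (header passed as a bound parameter) and shows that a normal header works in both, which is why the flaw is easy to miss in testing.

```python
import sqlite3

# Constructed sample headers (not taken from any real traffic).
NORMAL_UA = "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/115.0"
QUOTED_UA = "Photo'Sync/2.1 (tablet)"  # one apostrophe ends the SQL string literal early


def open_db():
    """In-memory database with a hypothetical login-activity table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE login_activity (username TEXT, user_agent TEXT)")
    return db


def record_login_concat(db, username, user_agent):
    """Flawed pattern: the header value becomes part of the SQL text."""
    sql = ("INSERT INTO login_activity (username, user_agent) "
           "VALUES ('%s', '%s')" % (username, user_agent))
    db.execute(sql)


def record_login_bound(db, username, user_agent):
    """Corrected pattern: the header value is sent as a bound parameter."""
    db.execute(
        "INSERT INTO login_activity (username, user_agent) VALUES (?, ?)",
        (username, user_agent),
    )


def try_record(record, user_agent):
    """Return the stored User-Agent, or the SQL error text if the statement broke."""
    db = open_db()
    try:
        record(db, "admin", user_agent)
    except sqlite3.Error as exc:
        return "error: %s" % exc
    return db.execute("SELECT user_agent FROM login_activity").fetchone()[0]


if __name__ == "__main__":
    for name, fn in (("concat", record_login_concat), ("bound", record_login_bound)):
        for ua in (NORMAL_UA, QUOTED_UA):
            print(name, "|", ua, "->", try_record(fn, ua))
```

A SQL syntax error triggered by nothing more than an apostrophe in a request header shows that the header is reaching the SQL parser as code; with the bound parameter the same header is stored verbatim as data.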

If you're concerned about the security of your digital assets, the pro features of the SecurityForEveryone.com platform allow you to learn about vulnerabilities in those assets quickly and easily. With SecurityForEveryone, you can get instant alerts when vulnerabilities are detected and take proactive steps to secure your digital assets. So, protect your digital assets today and rest easy knowing that you're covered with SecurityForEveryone.

 
