CVE-2017-17824: SQL Injection
First published: Thu Dec 21 2017(Updated: )
The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Piwigo Piwigo | =2.9.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2017-17824?
CVE-2017-17824 is a vulnerability in the Batch Manager component of Piwigo 2.9.2 that allows SQL Injection via the admin/batch_manager_unit.php element_ids parameter.
How severe is CVE-2017-17824?
CVE-2017-17824 has a severity rating of 4.9, which is considered medium.
How can an attacker exploit CVE-2017-17824?
An attacker can exploit CVE-2017-17824 by manipulating the element_ids parameter in unit mode of the admin/batch_manager_unit.php file to perform SQL Injection attacks.
What is the affected software version of CVE-2017-17824?
The affected software version of CVE-2017-17824 is Piwigo 2.9.2.
Is there a fix available for CVE-2017-17824?
Yes, a fix for CVE-2017-17824 is available. More information can be found in the provided references.
- collector/nvd-index
- vendor/piwigo
- canonical/piwigo piwigo
- version/piwigo piwigo/2.9.2