CVE-2020-19217: SQL Injection
First published: Fri May 06 2022(Updated: )
SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9.5, via the filter_category parameter to admin.php?page=batch_manager.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Piwigo Piwigo | =2.9.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this SQL Injection vulnerability?
The vulnerability ID for this SQL Injection vulnerability is CVE-2020-19217.
What is the affected software version for this vulnerability?
The affected software version for this vulnerability is Piwigo v2.9.5.
What is the severity rating of CVE-2020-19217?
CVE-2020-19217 has a severity rating of high (8.8).
What is the CWE category of this vulnerability?
The CWE category of this vulnerability is CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')).
Is there a fix available for this vulnerability?
Yes, a fix is available for this vulnerability. Users are advised to upgrade to a patched version of Piwigo.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- vendor/piwigo
- canonical/piwigo piwigo
- version/piwigo piwigo/2.9.5