Security Advisory

CVE-2014-9115

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2014-12-23 11:00:00

Last updated 2024-08-06 13:33:13

Assigner mitre

State PUBLISHED

Description

SQL injection vulnerability in the rate_picture function in include/functions_rate.inc.php in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary SQL commands via the rate parameter to picture.php, related to an improper data type in a comparison of a non-numeric value that begins with a digit.

← Browse all CVEs View on cve.org ↗