Home > Vulnerability Database > CVE-2015-2035

WhiteSource Vulnerability Database

CVE-2015-2035

Good to know:

Date: February 20, 2015

SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php.

Language: PHP

Severity Score

6.5

Related Resources (5)

Url: http://seclists.org/fulldisclosure/2015/Feb/73

Url: http://piwigo.org/forum/viewtopic.php?id=25179

Url: http://sroesemann.blogspot.de/2015/01/sroeadv-2015-06.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-2035

Url: https://www.whitesourcesoftware.com/vulnerability-database/CVE-2015-2035

Severity Score

6.5

Weakness Type (CWE)

SQL Injection

CWE-89

Top Fix

Upgrade Version

Upgrade to version 2.7.4

Learn More

CVSS v2

Base Score:	6.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

WhiteSource Vulnerability Database

We found results for “”

CVE-2015-2035

Good to know:

Date: February 20, 2015

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v2

Do you need more information?