module

Piwigo CVE-2023-26876 Gather Credentials via SQL Injection

Try Surface Command
Back to search
Disclosed
Apr 21, 2023

Description

This module allows an authenticated user to retrieve the usernames and encrypted passwords of other users in Piwigo through SQL injection using the (filter_user_id) parameter.
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today