By Renan Albuquerque

During a survey conducted by Tempest Security Intelligence’s Technical Consulting team, a vulnerability in the Piwigo photo manager was identified and reported. MITRE published it as CVE-2023-27233. The weakness is present in version 13.5.0 and allows the execution of arbitrary SQL commands on the target server.

Piwigo is an open source project for media management. Version 13.5.0 is vulnerable to SQL injection attacks.

The vulnerability was reported to the software's developers and was fixed in version 13.6.0.

The link below leads to the CVE-2023-27233 entry, which contains the references for the vulnerability found in Piwigo.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27233