CVE-2014-9115
Publication date 23 December 2014
Last updated 24 July 2024
Ubuntu priority
SQL injection vulnerability in the rate_picture function in include/functions_rate.inc.php in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary SQL commands via the rate parameter to picture.php, related to an improper data type in a comparison of a non-numeric value that begins with a digit.
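The comparison flaw described above, sketched as an added PHP example; it is not Piwigo's code. `ALLOWED_RATES`, `rate_is_allowed_loose` and `parse_rate` are hypothetical names, and the example assumes the comparison was a PHP loose comparison against a list of integer ratings.

```php
<?php
declare(strict_types=1);

// Hypothetical list of permitted ratings; not taken from Piwigo's configuration.
const ALLOWED_RATES = [0, 1, 2, 3, 4, 5];

/**
 * Weak check: in_array() without the strict flag compares loosely.
 * On PHP versions before 8.0 a string that merely begins with a digit is
 * converted to that number for the comparison and accepted, while the
 * original, unconverted string is what the caller still holds.
 */
function rate_is_allowed_loose(string $rate): bool
{
    return in_array($rate, ALLOWED_RATES);
}

/**
 * Hardened check: accept digits only, convert once, compare strictly,
 * and hand back the integer so the raw string is never reused in a query.
 */
function parse_rate(string $rate): ?int
{
    if ($rate === '' || !ctype_digit($rate)) {
        return null;
    }
    $value = (int) $rate;
    return in_array($value, ALLOWED_RATES, true) ? $value : null;
}

// Constructed inputs for illustration, not captured traffic.
foreach (['3', '3 trailing text', '03', '9', ''] as $input) {
    printf(
        "%-18s loose=%-5s strict=%s\n",
        var_export($input, true),
        var_export(rate_is_allowed_loose($input), true),
        var_export(parse_rate($input), true)
    );
}
```

Passing the integer returned by `parse_rate` to a parameterized query keeps the validated value and the value used in SQL identical.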
Status
Package | Ubuntu Release | Status |
---|---|---|
piwigo | 16.04 LTS xenial | Not in release |
piwigo | 14.04 LTS trusty | Not in release |