Unrated severityNVD Advisory· Published Dec 23, 2014· Updated Jun 17, 2026
CVE-2014-9115
CVE-2014-9115
Description
SQL injection vulnerability in the rate_picture function in include/functions_rate.inc.php in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary SQL commands via the rate parameter to picture.php, related to an improper data type in a comparison of a non-numeric value that begins with a digit.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
12cpe:2.3:a:piwigo:piwigo:*:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:piwigo:piwigo:*:*:*:*:*:*:*:*range: <=2.5.5
- cpe:2.3:a:piwigo:piwigo:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:piwigo:piwigo:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:piwigo:piwigo:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:piwigo:piwigo:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:piwigo:piwigo:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:piwigo:piwigo:2.7.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:piwigo:piwigo:2.7.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:piwigo:piwigo:2.7.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:piwigo:piwigo:2.7.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:piwigo:piwigo:2.7.1:*:*:*:*:*:*:*
- (no CPE)range: < 2.5.5 || >= 2.6.0, < 2.6.4 || >= 2.7.0, < 2.7.2
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.