CVE-2023-26876
published 2023-04-21


Priority: P2, 62
Severity: high (CVSS 3.1 base score 8.8)
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploit: available
EPSS: 9.72% (94.9th percentile)
SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filter_user_id parameter to the admin.php?page=history&filter_image_id=&filter_user_id endpoint.

Affected (1 range)

Vendor    Product    Version range    Fixed in
piwigo    piwigo     <= 13.5.0        -

Detection & IOCs

URL: admin.php?page=history&filter_image_id=&filter_user_id
Path: admin.php
  • Monitor HTTP requests to admin.php with the query parameters page=history and filter_user_id for SQL injection payloads (e.g., UNION SELECT, quotes, comment sequences) indicating exploitation of CVE-2023-26876.
  • The Metasploit auxiliary module targets authenticated sessions to extract usernames and encrypted passwords via SQL injection in the filter_user_id parameter; look for authenticated admin sessions making unusual or repeated requests to the history page with anomalous filter_user_id values.
  • Exploitation requires an authenticated session; unauthenticated attackers cannot directly exploit this endpoint. Detection should account for the attacker already possessing valid Piwigo credentials.
  • Affected versions are Piwigo v13.5.0 and earlier; detections and mitigations should be scoped to these versions.
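The detection guidance above can be turned into a small log check. The following is an added example, not code from the CVE record or from the Piwigo project: it parses web-server access-log lines (the sample lines are constructed for this example), keeps only requests to admin.php with page=history and a filter_user_id parameter, and flags values carrying the indicators named above (UNION SELECT, quotes, comment sequences) or any non-numeric value, since filter_user_id is a user id in normal use. The log format, the /piwigo/ install path and the function names are assumptions. An access log cannot tell you whether the session was authenticated, so hits still need to be correlated with the admin session data the second bullet describes.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [21/Apr/2023:10:01:02 +0000] "GET /piwigo/admin.php?page=history&filter_image_id=&filter_user_id=3 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [21/Apr/2023:10:01:07 +0000] "GET /piwigo/admin.php?page=history&filter_image_id=&filter_user_id=3%27%20UNION%20SELECT%201-- HTTP/1.1" 200 7811',
    '10.0.0.9 - - [21/Apr/2023:10:01:09 +0000] "GET /piwigo/index.php?/category/3 HTTP/1.1" 200 3300',
    '10.0.0.9 - - [21/Apr/2023:10:01:11 +0000] "GET /piwigo/admin.php?page=history&filter_image_id=&filter_user_id=%2527 HTTP/1.1" 200 5000',
]

# Request line inside a combined-format log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Indicator classes named in the CVE record's detection notes.
SQLI_INDICATORS = [
    ("union-select", re.compile(r"union\s+(all\s+)?select", re.I)),
    ("quote", re.compile(r"['\"]")),
    ("comment", re.compile(r"(--|/\*|#)")),
]


def extract_target(log_line):
    """Return the request target (path + query) from one log line, or None."""
    m = REQUEST_RE.search(log_line)
    return m.group("target") if m else None


def is_history_request(target):
    """True for admin.php?page=history requests that carry filter_user_id."""
    parts = urlsplit(target)
    if not parts.path.endswith("/admin.php"):
        return False
    qs = parse_qs(parts.query, keep_blank_values=True)
    return qs.get("page") == ["history"] and "filter_user_id" in qs


def sqli_indicators(value):
    """Return the list of indicator names matched by one filter_user_id value.

    parse_qs has already percent-decoded the value once; decode again so a
    double-encoded payload (e.g. %2527 -> %27 -> ') is inspected as well.
    """
    decoded = unquote_plus(value)
    hits = [name for name, pattern in SQLI_INDICATORS if pattern.search(decoded)]
    # In legitimate use the parameter is a numeric user id (or empty).
    if decoded != "" and not decoded.isdigit():
        hits.append("non-numeric")
    return hits


def scan_log(lines):
    """Return one finding per suspicious filter_user_id value in the log."""
    findings = []
    for line in lines:
        target = extract_target(line)
        if not target or not is_history_request(target):
            continue
        qs = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in qs["filter_user_id"]:
            hits = sqli_indicators(value)
            if hits:
                findings.append({
                    "line": line,
                    "value": unquote_plus(value),
                    "indicators": hits,
                })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["indicators"], repr(f["value"]))
```

Run against the constructed sample, only the two requests with a quoted or double-encoded filter_user_id are reported; the plain numeric request and the unrelated index.php request are ignored. In production the same functions can be fed from a log tail or a SIEM export, and the findings joined with session or user-id data to confirm the authenticated-admin context the record describes.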