CVE-2024-43018
BaseFortify
Publication date: 2025-07-29
Last updated on: 2025-08-06
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| piwigo | piwigo | to 13.8.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2024-43018 is a SQL Injection vulnerability in Piwigo versions 13.8.0 and below. It occurs in the parameters 'max_level' and 'min_register' used in the ws_user_gerList function, which is called by ws.php and accessed via the /admin.php?page=user_list endpoint. Due to insufficient sanitization of these parameters, an attacker can inject malicious SQL code, causing SQL errors and potentially manipulating database queries. This can lead to unauthorized code execution and information disclosure. [1, 2]
How can this vulnerability impact me? :
This vulnerability can allow an attacker to manipulate SQL queries by injecting malicious code through vulnerable parameters. The impacts include unauthorized disclosure of sensitive information, potential arbitrary code execution on the server, and disruption of normal application behavior. Exploiting this flaw could compromise the confidentiality and integrity of the data managed by Piwigo. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted HTTP requests to the /admin.php?page=user_list endpoint with manipulated 'max_level' and 'min_register' parameters containing SQL injection payloads such as a single quote ('). If the server responds with MySQL errors, it confirms the presence of the SQL Injection vulnerability. Tools like Burp Suite and Firefox can be used to craft and send these requests for testing. [2, 1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the whitelist-based input validation fix implemented by the Piwigo developers as documented in their issue tracker. Additionally, deploying a Web Application Firewall (WAF) is recommended as an extra protective measure to block malicious SQL injection attempts. Upgrading to a fixed version when available is also advised. [2]