#1 2023-08-10 16:50:57

iansouth12
Member
2023-08-10
2

Will piwigo 14.x fix the SQLi vulnerability?

Hello/Hi/Greetings,

I'm hoping it will, as OpenVAS seems to think this is not a "will not fix" thing (CVE-2022-32297)...

Piwigo 13.8.0 Check for upgrade
Installed on 8 August 2020, 3 years 1 day ago
Operating system: Linux
PHP: 8.0.29 (Show info) [2023-08-10 10:50:18]
MySQL: 10.11.2-MariaDB-1 [2023-08-10 10:50:18]
Graphics Library: External ImageMagick 7.1.1-12
Cache size 2021.64 Mo   calculated 1 year ago Refresh

Piwigo URL: http://www.south-border.com/piwigo/


#2 2023-08-11 11:19:11

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13793

Re: Will piwigo 14.x fix the SQLi vulnerability?

In a way, yes, because instead of using a search id in the URL, we will use a search key, like this: index.php?/search/psk-20230809-thuVvgrfrG (see [Github] Piwigo issue #1953).


#3 2023-08-11 16:55:10

iansouth12
Member
2023-08-10
2

Re: Will piwigo 14.x fix the SQLi vulnerability?

Thanks for the clarification. Much appreciated.
