CVE-2022-32297
📋 TL;DR
CVE-2022-32297 is a SQL injection vulnerability in Piwigo's search function that allows attackers to execute arbitrary SQL commands. This affects Piwigo v12.2.0 installations, potentially compromising database confidentiality and integrity. Any Piwigo instance with the vulnerable version is at risk.
💻 Affected Systems
- Piwigo
📦 What is this software?
Piwigo by Piwigo
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data theft, modification, or deletion; potential privilege escalation to administrative access; possible remote code execution if database permissions allow.
Likely Case
Unauthorized data extraction from the Piwigo database, including user credentials, photo metadata, and configuration information.
If Mitigated
Limited impact with proper input validation and parameterized queries in place; database permissions restricting write access.
🎯 Exploit Status
Exploitation requires user authentication; the vulnerability is in the search functionality accessible to authenticated users.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v12.3.0 and later
Vendor Advisory: https://github.com/Piwigo/Piwigo/security/advisories/GHSA-4q7w-3v6q-9vq8
Restart Required: No
Instructions:
1. Backup your Piwigo installation and database.
2. Download Piwigo v12.3.0 or later from the official repository.
3. Replace the existing installation files with the updated version.
4. Verify the update was successful by checking the version in the admin panel.
🔧 Temporary Workarounds
Disable Search Function
Temporarily disable the search functionality to prevent exploitation while planning for patching.
# Modify Piwigo configuration or disable search via admin interface
Input Validation Filter
Implement web application firewall rules or input validation to block SQL injection patterns in search queries.
# Example mod_security rule: SecRule ARGS "@detectSQLi" "id:1001,phase:2,deny"
🧯 If You Can't Patch
- Implement strict input validation and parameterized queries in custom code if search functionality is modified.
- Restrict database user permissions to read-only access for the Piwigo application user.
🔍 How to Verify
Check if Vulnerable:
Check the Piwigo version in the admin panel under 'Configuration' > 'System' > 'Version'. If it shows v12.2.0, the system is vulnerable.
Check Version:
# Check Piwigo version via admin panel or inspect include/constants.php for version constant
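The version check above can be scripted so that many installations are classified the same way. The following is an added example, not code from the page or from the Piwigo project: it reads include/constants.php, extracts the release number and compares it against the affected (v12.2.0) and first fixed (v12.3.0) versions named in this advisory. It assumes the constant is called PHPWG_VERSION and uses a constructed stand-in for the file contents when no install path is given.

```python
import re
from pathlib import Path

# Versions from the advisory: v12.2.0 is affected, v12.3.0 and later carry the fix.
VULNERABLE_VERSION = (12, 2, 0)
FIXED_VERSION = (12, 3, 0)

# Constructed stand-in for the relevant line of include/constants.php.
# PHPWG_VERSION is assumed to be the constant Piwigo defines there.
SAMPLE_CONSTANTS_PHP = "<?php\ndefine('PHPWG_VERSION', '12.2.0');\n"

_DEFINE_RE = re.compile(r"define\(\s*'PHPWG_VERSION'\s*,\s*'([^']+)'\s*\)")
_NUMERIC_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(php_source):
    """Return the numeric (major, minor, patch) tuple found in constants.php text."""
    m = _DEFINE_RE.search(php_source)
    if not m:
        raise ValueError("PHPWG_VERSION not found in constants.php")
    num = _NUMERIC_RE.match(m.group(1))  # tolerate suffixes such as '12.3.0RC1'
    if not num:
        raise ValueError("unrecognised version string: " + m.group(1))
    return tuple(int(p) for p in num.groups())


def is_vulnerable(version):
    """True for the release this advisory names as affected."""
    return version == VULNERABLE_VERSION


def is_fixed(version):
    """True once the install is at or past the first fixed release."""
    return version >= FIXED_VERSION


def classify(php_source):
    """Classify one install from the text of its include/constants.php."""
    v = parse_version(php_source)
    return {"version": v, "vulnerable": is_vulnerable(v), "fixed": is_fixed(v)}


def check_install(piwigo_root):
    """Read include/constants.php under piwigo_root and classify the install."""
    src = Path(piwigo_root, "include", "constants.php").read_text(encoding="utf-8")
    return classify(src)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(check_install(sys.argv[1]))      # e.g. python check_piwigo.py /var/www/piwigo
    else:
        print(classify(SAMPLE_CONSTANTS_PHP))  # runs against the constructed sample
```

Run it with the Piwigo web root as the only argument; a result with `"fixed": False` means the install still needs the update from the Official Fix section.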
Verify Fix Applied:
After updating, verify the version shows v12.3.0 or later in the admin panel. Test the search functionality with SQL injection test payloads to ensure they are blocked.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs from Piwigo application
- Multiple failed login attempts followed by search queries with SQL syntax
Network Indicators:
- HTTP POST requests to search endpoints containing SQL keywords like UNION, SELECT, INSERT
SIEM Query:
source="piwigo_access.log" AND (url="*search*" AND (method="POST" OR method="GET") AND (query="*UNION*" OR query="*SELECT*" OR query="*INSERT*"))
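The SIEM query above expresses the network indicator for a Splunk-style search. As an added example (not part of the original page and not Piwigo code), the script below applies the same logic directly to an Apache combined-format access log: it selects requests whose path contains "search" and whose URL-decoded query string carries one of the listed SQL keywords as a whole word. The log lines are constructed test input, and the endpoint path /piwigo/search.php is an assumption.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed sample access log lines (Apache combined format), not real traffic.
# Only the second line should be flagged: it hits the search endpoint with SQL
# keywords in its (percent-encoded) query string.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2022:12:00:01 +0000] "GET /piwigo/search.php?q=holiday HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2022:12:00:05 +0000] "GET /piwigo/search.php?q=a%27%20UNION%20SELECT%201 HTTP/1.1" 200 830 "-" "curl/7.81"
203.0.113.9 - - [10/Jun/2022:12:00:09 +0000] "POST /piwigo/search.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jun/2022:12:00:12 +0000] "GET /piwigo/picture.php?image_id=12 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# Keywords taken from the Network Indicators / SIEM Query sections above.
SQL_KEYWORDS = ("UNION", "SELECT", "INSERT")
_KEYWORD_RE = re.compile(r"\b(" + "|".join(SQL_KEYWORDS) + r")\b", re.IGNORECASE)

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return a dict of log fields, or None if the line is not combined format."""
    m = _LOG_RE.match(line)
    return m.groupdict() if m else None


def is_suspicious(entry):
    """Search endpoint plus a SQL keyword in the decoded query string."""
    parts = urlsplit(entry["target"])
    if "search" not in parts.path.lower():
        return False
    # Decode percent-encoding and '+' so keywords split by %20 are still seen.
    decoded = unquote_plus(parts.query)
    return bool(_KEYWORD_RE.search(decoded))


def scan_log(text):
    """Return (ip, timestamp, method, target) for each suspicious request."""
    hits = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry and is_suspicious(entry):
            hits.append((entry["ip"], entry["ts"], entry["method"], entry["target"]))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("suspicious search request:", hit)
```

Note the limitation this shares with the SIEM query: a web server access log records only the request line, so parameters sent in a POST body are invisible to it. The POST line in the sample is therefore not flagged even though the page's indicator mentions POST requests; covering that case needs a WAF or application-level log that captures request bodies.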