SQL injection vulnerability in comments.php in Piwigo prior to 2.0.3 allows remote malicious users to execute arbitrary SQL commands via the items_number parameter.
piwigo piwigo