url_check_format in include/functions.inc.php in Piwigo prior to 2.8.3 allows remote malicious users to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the or substring.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
piwigo piwigo |