Piwigo prior to 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. The attacker must be an administrator.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
piwigo piwigo |