SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, via the group parameter to delete.
piwigo piwigo 2.9.5