Piwigo prior to 13.6.0 exists to contain a SQL injection vulnerability via the order[0][dir] parameter at user_list_backend.php.
piwigo piwigo