Description
admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter).