Description
admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence.
Remediation
References
Related Vulnerabilities
MySQL CVE-2014-0431 Vulnerability (CVE-2014-0431)
WordPress Plugin NextScripts:Social Networks Auto-Poster Cross-Site Scripting (4.2.7)
WordPress Plugin Best Seo Remote Code Execution (1.5)
SharePoint Improper Input Validation Vulnerability (CVE-2013-0081)
Oracle Database Server CVE-2015-4753 Vulnerability (CVE-2015-4753)