Description
url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring.