Description
url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring.
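The two bypass conditions in the description (a " character in the URL, and a scheme that is not at the very start) are illustrated below in an added example. It is not Piwigo's code and not the 2.8.3 fix; the function names `loose_url_check` and `strict_url_check` and the sample URLs are hypothetical and constructed for illustration.

```php
<?php
// Added example, not Piwigo's code. Function names are hypothetical.

// Loose check, constructed to show the failure mode: the pattern is not
// anchored and places no limit on characters, so "http://" may appear anywhere.
function loose_url_check(string $url): bool
{
    return preg_match('#https?://#i', $url) === 1;
}

// Strict check: the scheme must be at the very start, and everything after it
// is limited to characters valid in a URL, which excludes the double quote,
// whitespace and control bytes.
function strict_url_check(string $url): bool
{
    // \A and \z anchor to the true start and end; unlike $, \z does not
    // tolerate a trailing newline.
    $pattern = '#\Ahttps?://[A-Za-z0-9\-._~:/?\#\[\]@!$&\'()*+,;=%]+\z#';
    if (preg_match($pattern, $url) !== 1) {
        return false;
    }
    // Require a non-empty host so inputs such as "http:///x" are rejected.
    $host = parse_url($url, PHP_URL_HOST);
    return is_string($host) && $host !== '';
}

// Constructed sample inputs (not taken from the advisory).
$samples = [
    'https://example.test/gallery',   // well-formed
    'http://example.test/a"b',        // contains a double quote
    'x-http://example.test/',         // does not begin with http:// or https://
    "http://example.test/\n",         // trailing newline
];

foreach ($samples as $url) {
    printf(
        "%-32s loose=%s strict=%s\n",
        json_encode($url),
        loose_url_check($url) ? 'accept' : 'reject',
        strict_url_check($url) ? 'accept' : 'reject'
    );
}
```

The loose check accepts all four inputs; the strict check accepts only the first.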
Remediation
References