Description
url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring.
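The two conditions named in the description (a " character in the URL, and a prefix other than http:// or https://) can be enforced as in the following added example. It is not Piwigo's code and not the 2.8.3 fix; the function name `is_safe_http_url` and the sample URLs are constructed for illustration.

```php
<?php
// Added illustration, not Piwigo's url_check_format().
// is_safe_http_url() is a hypothetical name; all sample URLs are constructed.

function is_safe_http_url(string $url): bool
{
    // The description names the double quote. Rejecting the other delimiter,
    // whitespace and control characters as well is this example's own choice.
    if (preg_match('/["\'<>\s\x00-\x1f\x7f]/', $url)) {
        return false;
    }

    // The scheme test is anchored at the start of the string, so an
    // "http://" that appears later in the value does not satisfy it.
    if (!preg_match('#^https?://#i', $url)) {
        return false;
    }

    // Require a syntactically valid URL that carries a host component.
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return false;
    }
    $host = parse_url($url, PHP_URL_HOST);

    return is_string($host) && $host !== '';
}

// Constructed inputs mapped to the expected verdict.
$samples = [
    'https://example.org/gallery'                => true,
    'http://example.org/index.php?cat=1'         => true,
    'http://example.org/a"b'                     => false, // contains "
    'ftp://example.org/?next=http://example.org' => false, // http:// not at start
    '//example.org/path'                         => false, // no scheme
    'example.org'                                => false, // no scheme
    'http://'                                    => false, // no host
];

foreach ($samples as $url => $expected) {
    $got = is_safe_http_url($url);
    printf("%-45s %-6s %s\n", $url, $got ? 'accept' : 'reject',
        $got === $expected ? 'ok' : 'MISMATCH');
}
```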
Remediation
References