Description
Directory traversal vulnerability in upgrade.php in Piwigo before 2.3.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
Remediation
References
Related Vulnerabilities
Django Incorrect Regular Expression Vulnerability (CVE-2018-7537)
WordPress Plugin Stripe For WooCommerce Security Bypass (3.3.9)
WordPress Plugin Teamleader CRM Forms Cross-Site Scripting (2.0.0)
Oracle HTTP Server Uncontrolled Recursion Vulnerability (CVE-2021-42717)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0018)