Description
SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php.
Remediation
References
Related Vulnerabilities
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1432)
WordPress Plugin WP Background Takeover Directory Traversal (4.1.4)
WordPress Plugin 10Web Social Post Feed Unspecified Vulnerability (1.1.26)
Python Uncontrolled Search Path Element Vulnerability (CVE-2017-20052)