Description
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.
Remediation
References