Description
The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database.
Remediation
References
Related Vulnerabilities
Liferay Portal Incorrect Authorization Vulnerability (CVE-2025-3586)
WordPress Plugin Rimons Twitter Widget Cross-Site Scripting (1.2.4)
WordPress Plugin Rezgo Online Booking Cross-Site Scripting (1.8.6)
MySQL CVE-2023-21950 Vulnerability (CVE-2023-21950)
Oracle Application Server Other Vulnerability (CVE-2002-1089)