Description
Piwigo v11.5 was discovered to contain a SQL injection vulnerability via the parameter pwg_token in /admin/batch_manager_global.php.
Remediation
References
Related Vulnerabilities
WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.18)
WordPress Plugin Front End Upload 'upload.php' Arbitrary File Upload (0.5.3)
Apache version older than 1.3.27
WP Plugin Contact Form 7 Improper Validation of Integrity Check Value Vulnerability (CVE-2025-3247)
ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-2050)