Description
admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence.
Remediation
References
Related Vulnerabilities
WordPress Plugin Cryptocurrency Donation Box-Bitcoin & Crypto Donations Security Bypass (1.7)
Drupal Core 9.0.x Remote Code Execution (9.0.0 - 9.0.7)
PostgreSQL Other Vulnerability (CVE-2005-0246)
Oracle HTTP Server CVE-2006-0435 Vulnerability (CVE-2006-0435)
Oracle Database Server CVE-2006-0282 Vulnerability (CVE-2006-0282)