The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQLi
PHP
Piwigo
NVD
GitHub
CVSS 3.0
4.9
EPSS
0.3%
Prev
Page 2 of 2