Piwigo · Piwigo · CVE-2017-10682
**Name of the Vulnerable Software and Affected Versions**
Piwigo versions prior to 2.10
**Description**
The issue allows remote users to execute arbitrary SQL commands. It can be exploited through the `cat_false` or `cat_true` parameter in the comments or status page of the `cat_options.php` API endpoint.
**Recommendations**
For versions prior to 2.10, update to version 2.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the `cat_options.php` endpoint or avoiding the use of the `cat_false` and `cat_true` parameters until the issue is resolved.
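
One way to support the temporary workaround is a request check in front of the application that flags any `cat_false` or `cat_true` value that is not a plain decimal number. This is an added example, not Piwigo code; it assumes both parameters carry numeric category IDs (optionally in PHP array form such as `cat_true[]`), and the function name, sample path and sample requests are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Assumption: cat_true / cat_false carry numeric category IDs, sent either as
# scalars or as PHP-style arrays (cat_true[], cat_true[0], ...).
GUARDED_NAME = re.compile(r"(cat_true|cat_false)(\[[^\]]*\])?")
DECIMAL_ID = re.compile(r"[0-9]{1,10}")


def suspicious_params(url, body=""):
    """Return (name, value) pairs sent to cat_options.php that are not decimal IDs.

    `url` is the request target (path plus optional query string) and `body`
    is an application/x-www-form-urlencoded request body.
    """
    parts = urlsplit(url)
    if parts.path.rsplit("/", 1)[-1] != "cat_options.php":
        return []  # only the endpoint named in the advisory is inspected
    # parse_qsl percent-decodes names and values, so encoded input is
    # checked in the form the application would receive it.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    # fullmatch (not match with "$") so a trailing newline is also rejected.
    return [
        (name, value)
        for name, value in pairs
        if GUARDED_NAME.fullmatch(name) and not DECIMAL_ID.fullmatch(value)
    ]


# Constructed sample requests (not taken from real traffic).
CONSTRUCTED_REQUESTS = [
    ("/admin/cat_options.php", "cat_false%5B%5D=12&cat_false%5B%5D=15"),
    ("/admin/cat_options.php", "cat_true%5B%5D=12abc"),
    ("/admin/cat_options.php?cat_false=4%0A", ""),
    ("/index.php", "cat_true=abc"),
]

if __name__ == "__main__":
    for url, body in CONSTRUCTED_REQUESTS:
        hits = suspicious_params(url, body)
        print("BLOCK" if hits else "allow", url, hits)
```

A request with any flagged pair can be rejected or logged for review; this narrows exposure until the upgrade to 2.10 or later is applied and does not replace it.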