CVE-2017-17823

Name of the Vulnerable Software and Affected Versions Piwigo version 2.9.2

Description The Configuration component of Piwigo is vulnerable to SQL Injection via the order by array parameter in the admin/configuration.php file. An attacker can exploit this to gain access to the data in a connected MySQL database.

Recommendations For Piwigo version 2.9.2, avoid using the order by array parameter in the admin/configuration.php file until a patch is available. As a temporary workaround, consider restricting access to the admin/configuration.php file to minimize the risk of exploitation.