Flop25

**Name of the Vulnerable Software and Affected Versions** Piwigo versions prior to 2.9.2 **Description** The issue allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL returned in a request for the permalink ID number of a private album. The permalink ID numbers can be easily guessed. **Recommendations** For versions prior to 2.9.2, update to version 2.9.2 or later to resolve the issue.