CVE-2018-6883

Name of the Vulnerable Software and Affected Versions Piwigo versions prior to 2.9.3

Description The issue concerns SQL injection in the administration panel, specifically in admin/tags.php. It can be exploited via the tags array parameter in an "admin.php?page=tags" request. The attacker must have administrator privileges to exploit this issue.

Recommendations For versions prior to 2.9.3, update to version 2.9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the administration panel to minimize the risk of exploitation. Avoid using the tags array parameter in the affected API endpoint until the issue is resolved.