CVE-2020-19213

Name of the Vulnerable Software and Affected Versions piwigo version 2.9.5

Description The issue is related to a SQL Injection vulnerability in the cat move.php file, specifically via the selection parameter to move categories. This allows for potential exploitation.

Recommendations For piwigo version 2.9.5, consider restricting access to the cat move.php file or the selection parameter until a patch is available. As a temporary workaround, avoid using the selection parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.