Name of the Vulnerable Software and Affected Versions:

Piwigo versions prior to 15.1.0

Description:

Piwigo is susceptible to a SQL injection issue affecting the `max level` and `min register` parameters. These parameters are utilized within the `ws user gerList` function, located in the `includews functionspwg.users.php` file. This function is subsequently invoked by the `ws.php` file during advanced user searches accessible through `/admin.php?page=user list`.

Recommendations:

Upgrade to version 15.1.0 or later.