Description
Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. The permalink ID numbers are easily guessed.
Remediation
References
Related Vulnerabilities
WordPress Plugin Portable phpMyAdmin Authentication Bypass (1.3.0)
WordPress Plugin Analyticator Cross-Site Request Forgery (6.4.9.3)
PostgreSQL CVE-2022-41862 Vulnerability (CVE-2022-41862)
MySQL CVE-2014-6496 Vulnerability (CVE-2014-6496)
Oracle Database Server CVE-2010-2415 Vulnerability (CVE-2010-2415)