Description
admin/languages.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the tab parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Gallery-Video Gallery and Youtube Gallery Multiple Vulnerabilities (2.0.3)
PHP Other Vulnerability (CVE-2015-4600)
Python URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2016-1000110)
Joomla! Core Local File Inclusion (2.5.0 - 3.8.8)
WordPress Plugin Wordfence Security-Firewall & Malware Scan Cross-Site Scripting (6.1.6)