CVE-2017-10679
Affected software and issue. Piwigo up to version 2.9.1 is vulnerable to an information-disclosure flaw where a remote attacker can obtain the descriptive name of a permalink by inspecting the redirect URL returned when requesting the permalink ID for a private album. The vulnerability relies on ...