CVE-2017-16893
Piwigo is affected by an SQL injection in version 2.9.2 (and possibly prior). The vulnerability arises because values of the edit_list parameters in tags.php are not sanitized, and are used to construct an SQL query that retrieves a list of registered users. This allows remote authenticated attac...
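
The class of flaw described above, a request list value concatenated into SQL text, shown beside a hardened form. This is an added example, not Piwigo's code or its patch: the `users` table, its columns, the function names, the sample values and the assumption that `edit_list` carries numeric ids are all hypothetical, and an in-memory SQLite database stands in for the real backend.

```php
<?php
// Added illustration, not Piwigo source. All names and data are hypothetical.

// Unsafe pattern: request values are joined straight into the SQL text.
function build_query_unsafe(array $editList): string
{
    return 'SELECT id, username FROM users WHERE id IN (' . implode(',', $editList) . ')';
}

// Hardened step 1: accept only a non-empty array of positive decimal integers.
function validate_id_list($raw): array
{
    if (!is_array($raw) || $raw === []) {
        throw new InvalidArgumentException('edit_list must be a non-empty array');
    }
    $ids = [];
    foreach ($raw as $value) {
        if ((!is_string($value) && !is_int($value))
            || !preg_match('/^[1-9][0-9]{0,9}$/', (string) $value)) {
            throw new InvalidArgumentException('edit_list contains a non-numeric value');
        }
        $ids[] = (int) $value;
    }
    return array_values(array_unique($ids));
}

// Hardened step 2: one bound placeholder per id, so data never becomes SQL syntax.
function fetch_users_safe(PDO $db, $raw): array
{
    $ids = validate_id_list($raw);
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("SELECT id, username FROM users WHERE id IN ($marks) ORDER BY id");
    $stmt->execute($ids);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

print_r(fetch_users_safe($db, ['1', '3']));   // well-formed list is served
$hostile = ['1', '2) OR (1=1'];               // constructed malformed value
echo build_query_unsafe($hostile), "\n";      // the value has changed the WHERE clause
try {
    fetch_users_safe($db, $hostile);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n"; // hardened path refuses before any query runs
}
```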