Piwigo 2.6.0 /picture.php SQL注入漏洞
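/include/functions_rate.inc.php

```php
if (!isset($rate) or !$conf['rate'] or !in_array($rate, $conf['rate_items']))
  return false;
……..
pwg_query($query);
$query = '
INSERT INTO '.RATE_TABLE.'
  (user_id,anonymous_id,element_id,rate,date)
  VALUES ('
    .$user['id'].','
    .'\''.$anonymous_id.'\','
    .$image_id.','
    .$rate
    .',NOW())
;';
...
```

问题所在:对 $rate 的唯一校验是 in_array(),且未传入第三个参数(严格比较),属于松散比较,并不能保证 $rate 是纯数字(前提是 $conf['rate_items'] 为数字列表,此处未展示)。随后 $rate 既没有加引号也没有做整数转换,就被直接拼接进 INSERT 语句,因此形成 SQL 注入。修复思路:在拼接前将 $rate 强制转换为整数,或使用 in_array($rate, $conf['rate_items'], true) 做严格比较,并尽量改用参数化查询。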