CVE-2017-17823
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.
Date published : 2017-12-20
https://github.com/Piwigo/Piwigo/commit/91ef7909a5c51203f330cbecf986472900b60983