{"id":"CVE-2016-10105","details":"admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence.","modified":"2026-02-23T01:16:00.533886Z","published":"2017-01-03T06:59:00.137Z","references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/95202"},{"type":"ADVISORY","url":"https://github.com/Piwigo/Piwigo/issues/574#issuecomment-267938358"},{"type":"REPORT","url":"https://github.com/Piwigo/Piwigo/commit/8796e43aa344681d92a92e1f9b985409d4f36e31"},{"type":"REPORT","url":"https://github.com/Piwigo/Piwigo/commit/9004fdfc0b4a11cb32e9e15a5f67e4ec827e82dc"},{"type":"REPORT","url":"https://github.com/Piwigo/Piwigo/issues/574#issuecomment-267938358"},{"type":"FIX","url":"https://github.com/Piwigo/Piwigo/commit/8796e43aa344681d92a92e1f9b985409d4f36e31"},{"type":"FIX","url":"https://github.com/Piwigo/Piwigo/commit/9004fdfc0b4a11cb32e9e15a5f67e4ec827e82dc"},{"type":"FIX","url":"https://github.com/Piwigo/Piwigo/issues/574#issuecomment-267938358"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/piwigo/piwigo","events":[{"introduced":"0"},{"fixed":"8796e43aa344681d92a92e1f9b985409d4f36e31"},{"introduced":"0"},{"fixed":"9004fdfc0b4a11cb32e9e15a5f67e4ec827e82dc"}]}],"versions":["2.8.0","2.8.0RC1","2.8.0RC2","2.8.1","2.8.2","2.8.3","2.8.4","2.9.0beta1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10105.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}