Medium severity6.5NVD Advisory· Published Oct 10, 2017· Updated May 13, 2026

CVE-2016-10514

Description

url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring.

Affected products

Piwigo/Piwigo
cpe:2.3:a:piwigo:piwigo:*:*:*:*:*:*:*:*
Range: <=2.8.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

piwigo.org/releases/2.8.3nvdPatchRelease NotesVendor Advisory
github.com/Piwigo/Piwigo/commit/b3157cbfd859c914911b114d4edbba4654758b57nvdIssue TrackingPatchThird Party Advisory
github.com/Piwigo/Piwigo/issues/547nvdIssue TrackingPatchThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000