Local File Inclusion Vulnerability in Piwigo's LocalFilesEditor Extension
CVE-2021-31783

7.5HIGH

Key Information:

Vendor: Piwigo
Status: Localfiles Editor
Vendor: CVE Published:; 26 April 2021

What is CVE-2021-31783?

The LocalFilesEditor extension for Piwigo before version 11.4.0.1 is susceptible to a Local File Inclusion vulnerability due to inadequate validation of the file parameter in show_default.php. Attackers can exploit this flaw to include arbitrary files, potentially leading to unauthorized information disclosure or code execution. It's imperative for users of the affected versions to upgrade to the latest version to mitigate associated risks.