cpe:/a:piwigo:piwigo:2.8.3 CVE-2016-10084 2016-12-30T02:59:00.237-05:00 2017-01-03T14:00:59.750-05:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2017-01-03T12:30:50.237-05:00 BID 95164 CONFIRM https://github.com/Piwigo/Piwigo/commit/9dd92959f6975099e0c62163a846a4648a6a920f CONFIRM https://github.com/Piwigo/Piwigo/issues/572#issuecomment-268252202 admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter).