Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
piwigo piwigo vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-4648
Unspecified vulnerability in Piwigo prior to 2.6.3 has unknown impact and attack vectors, related to a "security failure."
Piwigo Piwigo
Piwigo Piwigo 2.6.1
Piwigo Piwigo 2.6.0
6.1
CVSSv3
CVE-2023-44393
Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the` /admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here]` page. This vulnerability can be exploited by an malicio...
Piwigo Piwigo 14.0.0
Piwigo Piwigo
6.1
CVSSv3
CVE-2012-4525
piwigo has XSS in password.php
Piwigo Piwigo 2.3.1
Piwigo Piwigo
6.1
CVSSv3
CVE-2012-4526
piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)
Piwigo Piwigo 2.3.1
Piwigo Piwigo
6.1
CVSSv3
CVE-2021-45357
Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the pwg_activity function in include/functions.inc.php.
Piwigo Piwigo
4.9
CVSSv3
CVE-2018-6883
Piwigo prior to 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. The attacker must be an administrator.
Piwigo Piwigo
6.5
CVSSv3
CVE-2017-16893
The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. This vulnerability allows remote authenticated malicious users to obtain information in the context of the user used by the application to retrieve data from the database. ta...
Piwigo Piwigo
8.8
CVSSv3
CVE-2023-26876
SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote malicious user to execute arbitrary code via the filter_user_id parameter to the admin.php?page=history&filter_image_id=&filter_user_id endpoint.
Piwigo Piwigo
1 Metasploit module
8.8
CVSSv3
CVE-2023-27233
Piwigo prior to 13.6.0 exists to contain a SQL injection vulnerability via the order[0][dir] parameter at user_list_backend.php.
Piwigo Piwigo
NA
CVE-2015-2034
Cross-site scripting (XSS) vulnerability in the administrative backend in Piwigo prior to 2.7.4 allows remote malicious users to inject arbitrary web script or HTML via the page parameter to admin.php.
Piwigo Piwigo
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »