Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
piwigo piwigo 2.8.3 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2016-9751
Cross-site scripting (XSS) vulnerability in the search results front end in Piwigo 2.8.3 allows remote malicious users to inject arbitrary web script or HTML via the search parameter.
Piwigo Piwigo 2.8.3
6.1
CVSSv3
CVE-2016-10513
Cross Site Scripting (XSS) exists in Piwigo prior to 2.8.3 via a crafted search expression to include/functions_search.inc.php.
Piwigo Piwigo
7.2
CVSSv3
CVE-2016-10085
admin/languages.php in Piwigo up to and including 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the tab parameter.
Piwigo Piwigo
7.2
CVSSv3
CVE-2016-10084
admin/batch_manager.php in Piwigo up to and including 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter).
Piwigo Piwigo
9.8
CVSSv3
CVE-2016-10105
admin/plugin.php in Piwigo up to and including 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence.
Piwigo Piwigo
6.1
CVSSv3
CVE-2016-10083
Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo up to and including 2.8.3 allows remote malicious users to inject arbitrary web script or HTML via a crafted filename that is mishandled in a certain error case.
Piwigo Piwigo
6.5
CVSSv3
CVE-2016-10514
url_check_format in include/functions.inc.php in Piwigo prior to 2.8.3 allows remote malicious users to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring.
Piwigo Piwigo
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started