Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
piwigo piwigo 2.9.5 vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv3
CVE-2020-19212
SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, via the group parameter to delete.
Piwigo Piwigo 2.9.5
9.8
CVSSv3
CVE-2020-19213
SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the selection parameter to move_categories.
Piwigo Piwigo 2.9.5
8.8
CVSSv3
CVE-2020-19215
SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=user_perm.
Piwigo Piwigo 2.9.5
8.8
CVSSv3
CVE-2020-19216
SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=group_perm.
Piwigo Piwigo 2.9.5
8.8
CVSSv3
CVE-2020-19217
SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9.5, via the filter_category parameter to admin.php?page=batch_manager.
Piwigo Piwigo 2.9.5
9.6
CVSSv3
CVE-2019-13363
admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send&am...
Piwigo Piwigo 2.9.5
9.6
CVSSv3
CVE-2019-13364
admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF.
Piwigo Piwigo 2.9.5
NA
CVE-2019-1336309
Piwigo version 2.9.5 suffers from cross site request forgery and cross site scripting vulnerabilities.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started