Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
piwigo piwigo vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2014-8941
Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI.
Piwigo Lexiglot
8.8
CVSSv3
CVE-2014-8943
Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter.
Piwigo Lexiglot
7.5
CVSSv3
CVE-2014-8937
Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources.
Piwigo Lexiglot
5.3
CVSSv3
CVE-2014-8939
Lexiglot through 2014-11-20 allows remote malicious users to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages.
Piwigo Lexiglot
5.3
CVSSv3
CVE-2014-8940
Lexiglot through 2014-11-20 allows remote malicious users to obtain sensitive information (names and details of projects) by visiting the /update.log URI.
Piwigo Lexiglot
9.8
CVSSv3
CVE-2014-125053
A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has been declared as critical. This vulnerability affects unknown code of the file include/guestbook.inc.php of the component Navigation Bar. The manipulation of the argument start leads to sql injection. Upgrading to...
Piwigo Guestbook
NA
CVE-2014-1470
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2388. Reason: This candidate is a reservation duplicate of CVE-2014-2388. Notes: All CVE users should reference CVE-2014-2388 instead of this candidate. All references and descriptions in this candidate have ...
1 EDB exploit
7.2
CVSSv3
CVE-2021-27973
SQL injection exists in Piwigo prior to 11.4.0 via the language parameter to admin.php?page=languages.
NA
CVE-2012-22081
Piwigo version 2.3.3 suffers from cross site scripting and directory traversal vulnerabilities.
NA
CVE-2012-22092
Piwigo version 2.3.3 suffers from cross site scripting and directory traversal vulnerabilities.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »