Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
piwigo piwigo vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2014-8939
Lexiglot through 2014-11-20 allows remote malicious users to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages.
Piwigo Lexiglot
5.3
CVSSv3
CVE-2014-8940
Lexiglot through 2014-11-20 allows remote malicious users to obtain sensitive information (names and details of projects) by visiting the /update.log URI.
Piwigo Lexiglot
9.8
CVSSv3
CVE-2014-8941
Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI.
Piwigo Lexiglot
8.8
CVSSv3
CVE-2014-8942
Lexiglot through 2014-11-20 allows CSRF.
Piwigo Lexiglot
8.8
CVSSv3
CVE-2014-8943
Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter.
Piwigo Lexiglot
5.4
CVSSv3
CVE-2014-8944
Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter.
Piwigo Lexiglot
NA
CVE-2014-1470
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2388. Reason: This candidate is a reservation duplicate of CVE-2014-2388. Notes: All CVE users should reference CVE-2014-2388 instead of this candidate. All references and descriptions in this candidate have ...
1 EDB exploit
7.2
CVSSv3
CVE-2021-27973
SQL injection exists in Piwigo prior to 11.4.0 via the language parameter to admin.php?page=languages.
NA
CVE-2012-22081
Piwigo version 2.3.3 suffers from cross site scripting and directory traversal vulnerabilities.
NA
CVE-2012-22092
Piwigo version 2.3.3 suffers from cross site scripting and directory traversal vulnerabilities.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10