Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
piwigo vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-4648
Unspecified vulnerability in Piwigo prior to 2.6.3 has unknown impact and attack vectors, related to a "security failure."
Piwigo Piwigo
Piwigo Piwigo 2.6.1
Piwigo Piwigo 2.6.0
6.1
CVSSv3
CVE-2012-4526
piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)
Piwigo Piwigo 2.3.1
Piwigo Piwigo
6.1
CVSSv3
CVE-2012-4525
piwigo has XSS in password.php
Piwigo Piwigo 2.3.1
Piwigo Piwigo
6.1
CVSSv3
CVE-2023-44393
Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the` /admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here]` page. This vulnerability can be exploited by an malicio...
Piwigo Piwigo 14.0.0
Piwigo Piwigo
6.1
CVSSv3
CVE-2016-10083
Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo up to and including 2.8.3 allows remote malicious users to inject arbitrary web script or HTML via a crafted filename that is mishandled in a certain error case.
Piwigo Piwigo
7.2
CVSSv3
CVE-2016-10085
admin/languages.php in Piwigo up to and including 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the tab parameter.
Piwigo Piwigo
9.8
CVSSv3
CVE-2016-10105
admin/plugin.php in Piwigo up to and including 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence.
Piwigo Piwigo
7.2
CVSSv3
CVE-2016-10084
admin/batch_manager.php in Piwigo up to and including 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter).
Piwigo Piwigo
6.1
CVSSv3
CVE-2017-5608
Cross-site scripting (XSS) vulnerability in the image upload function in Piwigo prior to 2.8.6 allows remote malicious users to inject arbitrary web script or HTML via a crafted image filename.
Piwigo Piwigo
8.8
CVSSv3
CVE-2017-10678
Cross-site request forgery (CSRF) vulnerability in Piwigo up to and including 2.9.1 allows remote malicious users to hijack the authentication of users for requests to delete permalinks via a crafted request.
Piwigo Piwigo
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »