Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
piwigo vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-4648
Unspecified vulnerability in Piwigo prior to 2.6.3 has unknown impact and attack vectors, related to a "security failure."
Piwigo Piwigo
Piwigo Piwigo 2.6.1
Piwigo Piwigo 2.6.0
6.1
CVSSv3
CVE-2012-4526
piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)
Piwigo Piwigo 2.3.1
Piwigo Piwigo
6.1
CVSSv3
CVE-2023-44393
Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the` /admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here]` page. This vulnerability can be exploited by an malicio...
Piwigo Piwigo 14.0.0
Piwigo Piwigo
6.1
CVSSv3
CVE-2012-4525
piwigo has XSS in password.php
Piwigo Piwigo 2.3.1
Piwigo Piwigo
NA
CVE-2009-2933
SQL injection vulnerability in comments.php in Piwigo prior to 2.0.3 allows remote malicious users to execute arbitrary SQL commands via the items_number parameter.
Piwigo Piwigo
6.1
CVSSv3
CVE-2017-5608
Cross-site scripting (XSS) vulnerability in the image upload function in Piwigo prior to 2.8.6 allows remote malicious users to inject arbitrary web script or HTML via a crafted image filename.
Piwigo Piwigo
8.1
CVSSv3
CVE-2016-3735
Piwigo is image gallery software written in PHP. When a criteria is not met on a host, piwigo defaults to usingmt_rand in order to generate password reset tokens. mt_rand output can be predicted after recovering the seed used to generate it. This low an unauthenticated malicious ...
Piwigo Piwigo
6.5
CVSSv3
CVE-2014-4613
Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo prior to 2.6.2 allows remote malicious users to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php.
Piwigo Piwigo
1 EDB exploit
4.9
CVSSv3
CVE-2018-6883
Piwigo prior to 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. The attacker must be an administrator.
Piwigo Piwigo
8.8
CVSSv3
CVE-2023-27233
Piwigo prior to 13.6.0 exists to contain a SQL injection vulnerability via the order[0][dir] parameter at user_list_backend.php.
Piwigo Piwigo
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »