Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
piwigo piwigo vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2014-4648
Unspecified vulnerability in Piwigo prior to 2.6.3 has unknown impact and attack vectors, related to a "security failure."
Piwigo Piwigo
Piwigo Piwigo 2.6.1
Piwigo Piwigo 2.6.0
NA
CVE-2023-44393
Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the` /admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here]` page. This vulnerability can be exploited by an malicio...
Piwigo Piwigo 14.0.0
Piwigo Piwigo
4.3
CVSSv2
CVE-2012-4525
piwigo has XSS in password.php
Piwigo Piwigo 2.3.1
Piwigo Piwigo
4.3
CVSSv2
CVE-2012-4526
piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)
Piwigo Piwigo 2.3.1
Piwigo Piwigo
NA
CVE-2023-37270
Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when lo...
Piwigo Piwigo
NA
CVE-2023-26876
SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote malicious user to execute arbitrary code via the filter_user_id parameter to the admin.php?page=history&filter_image_id=&filter_user_id endpoint.
Piwigo Piwigo
1 Metasploit module
NA
CVE-2023-27233
Piwigo prior to 13.6.0 exists to contain a SQL injection vulnerability via the order[0][dir] parameter at user_list_backend.php.
Piwigo Piwigo
5.1
CVSSv2
CVE-2022-32297
Piwigo v12.2.0 exists to contain SQL injection vulnerability via the Search function.
Piwigo Piwigo
4.3
CVSSv2
CVE-2016-10513
Cross Site Scripting (XSS) exists in Piwigo prior to 2.8.3 via a crafted search expression to include/functions_search.inc.php.
Piwigo Piwigo
4.3
CVSSv2
CVE-2016-10514
url_check_format in include/functions.inc.php in Piwigo prior to 2.8.3 allows remote malicious users to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring.
Piwigo Piwigo
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »