Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
piwigo piwigo vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-45357
Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the pwg_activity function in include/functions.inc.php.
Piwigo Piwigo
6.1
CVSSv3
CVE-2016-10513
Cross Site Scripting (XSS) exists in Piwigo prior to 2.8.3 via a crafted search expression to include/functions_search.inc.php.
Piwigo Piwigo
6.1
CVSSv3
CVE-2017-5608
Cross-site scripting (XSS) vulnerability in the image upload function in Piwigo prior to 2.8.6 allows remote malicious users to inject arbitrary web script or HTML via a crafted image filename.
Piwigo Piwigo
NA
CVE-2012-2208
Directory traversal vulnerability in upgrade.php in Piwigo prior to 2.3.4 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
Piwigo Piwigo
1 EDB exploit
NA
CVE-2012-2209
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo prior to 2.3.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3)...
Piwigo Piwigo
1 EDB exploit
7.2
CVSSv3
CVE-2016-10084
admin/batch_manager.php in Piwigo up to and including 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter).
Piwigo Piwigo
4.8
CVSSv3
CVE-2017-9452
Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the page parameter.
Piwigo Piwigo
6.5
CVSSv3
CVE-2017-9463
The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated malicious users to obtain information in the context of the user used by the application to retrieve data from the database. The...
Piwigo Piwigo
6.1
CVSSv3
CVE-2017-9464
An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks. The identification.php component is affected by this issue: the "redirect" paramet...
Piwigo Piwigo
NA
CVE-2009-2933
SQL injection vulnerability in comments.php in Piwigo prior to 2.0.3 allows remote malicious users to execute arbitrary SQL commands via the items_number parameter.
Piwigo Piwigo
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »