Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
piwigo piwigo vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv3
CVE-2018-6883
Piwigo prior to 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. The attacker must be an administrator.
Piwigo Piwigo
7.5
CVSSv3
CVE-2017-10679
Piwigo up to and including 2.9.1 allows remote malicious users to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. The permalink ID numbers are easily...
Piwigo Piwigo
9.8
CVSSv3
CVE-2017-10682
SQL injection vulnerability in the administrative backend in Piwigo up to and including 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php.
Piwigo Piwigo
1 EDB exploit
8.8
CVSSv3
CVE-2017-10678
Cross-site request forgery (CSRF) vulnerability in Piwigo up to and including 2.9.1 allows remote malicious users to hijack the authentication of users for requests to delete permalinks via a crafted request.
Piwigo Piwigo
8.8
CVSSv3
CVE-2017-10680
Cross-site request forgery (CSRF) vulnerability in Piwigo up to and including 2.9.1 allows remote malicious users to hijack the authentication of users for requests to change a private album to public via a crafted request.
Piwigo Piwigo
8.8
CVSSv3
CVE-2017-10681
Cross-site request forgery (CSRF) vulnerability in Piwigo up to and including 2.9.1 allows remote malicious users to hijack the authentication of users for requests to unlock albums via a crafted request.
Piwigo Piwigo
4.3
CVSSv3
CVE-2023-34626
Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function.
Piwigo Piwigo
6.1
CVSSv3
CVE-2017-9464
An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks. The identification.php component is affected by this issue: the "redirect" paramet...
Piwigo Piwigo
NA
CVE-2012-2208
Directory traversal vulnerability in upgrade.php in Piwigo prior to 2.3.4 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
Piwigo Piwigo
1 EDB exploit
NA
CVE-2012-2209
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo prior to 2.3.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3)...
Piwigo Piwigo
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »