Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
piwigo vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2017-9463
The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated malicious users to obtain information in the context of the user used by the application to retrieve data from the database. The...
Piwigo Piwigo
5.8
CVSSv2
CVE-2017-9464
An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks. The identification.php component is affected by this issue: the "redirect" paramet...
Piwigo Piwigo
6.8
CVSSv2
CVE-2017-10678
Cross-site request forgery (CSRF) vulnerability in Piwigo up to and including 2.9.1 allows remote malicious users to hijack the authentication of users for requests to delete permalinks via a crafted request.
Piwigo Piwigo
5
CVSSv2
CVE-2017-10679
Piwigo up to and including 2.9.1 allows remote malicious users to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. The permalink ID numbers are easily...
Piwigo Piwigo
6.8
CVSSv2
CVE-2017-10680
Cross-site request forgery (CSRF) vulnerability in Piwigo up to and including 2.9.1 allows remote malicious users to hijack the authentication of users for requests to change a private album to public via a crafted request.
Piwigo Piwigo
6.8
CVSSv2
CVE-2017-10681
Cross-site request forgery (CSRF) vulnerability in Piwigo up to and including 2.9.1 allows remote malicious users to hijack the authentication of users for requests to unlock albums via a crafted request.
Piwigo Piwigo
4.3
CVSSv2
CVE-2015-2034
Cross-site scripting (XSS) vulnerability in the administrative backend in Piwigo prior to 2.7.4 allows remote malicious users to inject arbitrary web script or HTML via the page parameter to admin.php.
Piwigo Piwigo
6.8
CVSSv2
CVE-2016-3735
Piwigo is image gallery software written in PHP. When a criteria is not met on a host, piwigo defaults to usingmt_rand in order to generate password reset tokens. mt_rand output can be predicted after recovering the seed used to generate it. This low an unauthenticated malicious ...
Piwigo Piwigo
7.5
CVSSv2
CVE-2017-10682
SQL injection vulnerability in the administrative backend in Piwigo up to and including 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php.
Piwigo Piwigo
1 EDB exploit
4.3
CVSSv2
CVE-2021-45357
Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the pwg_activity function in include/functions.inc.php.
Piwigo Piwigo
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcoded
arbitrary code
CVE-2024-2404
CVE-2024-21111
CVE-2024-28627
CVE-2024-4073
information disclosure
CVE-2024-32780
CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »