Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
piwigo vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-10681
Cross-site request forgery (CSRF) vulnerability in Piwigo up to and including 2.9.1 allows remote malicious users to hijack the authentication of users for requests to unlock albums via a crafted request.
Piwigo Piwigo
8.8
CVSSv3
CVE-2023-37270
Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when lo...
Piwigo Piwigo
4.8
CVSSv3
CVE-2017-9452
Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the page parameter.
Piwigo Piwigo
6.5
CVSSv3
CVE-2017-9463
The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated malicious users to obtain information in the context of the user used by the application to retrieve data from the database. The...
Piwigo Piwigo
6.1
CVSSv3
CVE-2021-45357
Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the pwg_activity function in include/functions.inc.php.
Piwigo Piwigo
4.3
CVSSv3
CVE-2023-34626
Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function.
Piwigo Piwigo
NA
CVE-2015-1517
SQL injection vulnerability in Piwigo prior to 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php.
Piwigo Piwigo
1 EDB exploit
6.1
CVSSv3
CVE-2016-10513
Cross Site Scripting (XSS) exists in Piwigo prior to 2.8.3 via a crafted search expression to include/functions_search.inc.php.
Piwigo Piwigo
6.5
CVSSv3
CVE-2016-10514
url_check_format in include/functions.inc.php in Piwigo prior to 2.8.3 allows remote malicious users to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring.
Piwigo Piwigo
NA
CVE-2012-2208
Directory traversal vulnerability in upgrade.php in Piwigo prior to 2.3.4 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
Piwigo Piwigo
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »