Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
piwigo vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2017-9452
Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the page parameter.
Piwigo Piwigo
578
VMScore
CVE-2016-10084
admin/batch_manager.php in Piwigo up to and including 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter).
Piwigo Piwigo
383
VMScore
CVE-2017-5608
Cross-site scripting (XSS) vulnerability in the image upload function in Piwigo prior to 2.8.6 allows remote malicious users to inject arbitrary web script or HTML via a crafted image filename.
Piwigo Piwigo
NA
CVE-2023-26876
SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote malicious user to execute arbitrary code via the filter_user_id parameter to the admin.php?page=history&filter_image_id=&filter_user_id endpoint.
Piwigo Piwigo
1 Metasploit module
435
VMScore
CVE-2014-4613
Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo prior to 2.6.2 allows remote malicious users to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php.
Piwigo Piwigo
1 EDB exploit
312
VMScore
CVE-2017-9836
Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtual_name parameter to /admin.php (i.e., creating a virtual album).
Piwigo Piwigo 2.9.1
312
VMScore
CVE-2018-7722
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible.
Piwigo Piwigo 2.9.3
312
VMScore
CVE-2018-7723
The management panel in Piwigo 2.9.3 has stored XSS via the virtual_name parameter in a /admin.php?page=cat_list request, a different issue than CVE-2017-9836. CSRF exploitation, related to CVE-2017-10681, may be possible.
Piwigo Piwigo 2.9.3
605
VMScore
CVE-2017-17774
admin/configuration.php in Piwigo 2.9.2 has CSRF.
Piwigo Piwigo 2.9.2
609
VMScore
CVE-2019-13364
admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF.
Piwigo Piwigo 2.9.5
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »