Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
piwigo piwigo vulnerabilities and exploits
(subscribe to this query)
435
VMScore
CVE-2012-2209
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo prior to 2.3.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3)...
Piwigo Piwigo
1 EDB exploit
383
VMScore
CVE-2016-10083
Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo up to and including 2.8.3 allows remote malicious users to inject arbitrary web script or HTML via a crafted filename that is mishandled in a certain error case.
Piwigo Piwigo
578
VMScore
CVE-2016-10084
admin/batch_manager.php in Piwigo up to and including 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter).
Piwigo Piwigo
578
VMScore
CVE-2016-10085
admin/languages.php in Piwigo up to and including 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the tab parameter.
Piwigo Piwigo
668
VMScore
CVE-2016-10105
admin/plugin.php in Piwigo up to and including 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence.
Piwigo Piwigo
356
VMScore
CVE-2020-19212
SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, via the group parameter to delete.
Piwigo Piwigo 2.9.5
668
VMScore
CVE-2020-19213
SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the selection parameter to move_categories.
Piwigo Piwigo 2.9.5
578
VMScore
CVE-2020-19217
SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9.5, via the filter_category parameter to admin.php?page=batch_manager.
Piwigo Piwigo 2.9.5
NA
CVE-2023-33359
Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the "add tags" function.
Piwigo Piwigo 13.6.0
NA
CVE-2023-33361
Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php.
Piwigo Piwigo 13.6.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »