Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
piwigo piwigo vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2017-9452
Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the page parameter.
Piwigo Piwigo
NA
CVE-2012-2208
Directory traversal vulnerability in upgrade.php in Piwigo prior to 2.3.4 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
Piwigo Piwigo
1 EDB exploit
6.1
CVSSv3
CVE-2017-9464
An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks. The identification.php component is affected by this issue: the "redirect" paramet...
Piwigo Piwigo
4.9
CVSSv3
CVE-2018-6883
Piwigo prior to 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. The attacker must be an administrator.
Piwigo Piwigo
NA
CVE-2015-1517
SQL injection vulnerability in Piwigo prior to 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php.
Piwigo Piwigo
1 EDB exploit
4.9
CVSSv3
CVE-2020-19212
SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, via the group parameter to delete.
Piwigo Piwigo 2.9.5
8.8
CVSSv3
CVE-2020-19215
SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=user_perm.
Piwigo Piwigo 2.9.5
5.4
CVSSv3
CVE-2020-9467
Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.
Piwigo Piwigo 2.10.1
4.3
CVSSv3
CVE-2020-9468
The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter.
Piwigo Piwigo 2.9.0
5.4
CVSSv3
CVE-2022-48007
A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent.
Piwigo Piwigo 13.4.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »