Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
piwigo vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2017-9463
The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated malicious users to obtain information in the context of the user used by the application to retrieve data from the database. The...
Piwigo Piwigo
6.1
CVSSv3
CVE-2021-45357
Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the pwg_activity function in include/functions.inc.php.
Piwigo Piwigo
6.1
CVSSv3
CVE-2016-10513
Cross Site Scripting (XSS) exists in Piwigo prior to 2.8.3 via a crafted search expression to include/functions_search.inc.php.
Piwigo Piwigo
6.5
CVSSv3
CVE-2016-10514
url_check_format in include/functions.inc.php in Piwigo prior to 2.8.3 allows remote malicious users to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring.
Piwigo Piwigo
NA
CVE-2012-2209
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo prior to 2.3.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3)...
Piwigo Piwigo
1 EDB exploit
8.1
CVSSv3
CVE-2016-3735
Piwigo is image gallery software written in PHP. When a criteria is not met on a host, piwigo defaults to usingmt_rand in order to generate password reset tokens. mt_rand output can be predicted after recovering the seed used to generate it. This low an unauthenticated malicious ...
Piwigo Piwigo
9.8
CVSSv3
CVE-2020-19213
SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the selection parameter to move_categories.
Piwigo Piwigo 2.9.5
8.8
CVSSv3
CVE-2020-19216
SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=group_perm.
Piwigo Piwigo 2.9.5
5.4
CVSSv3
CVE-2020-9467
Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.
Piwigo Piwigo 2.10.1
6.1
CVSSv3
CVE-2021-40882
A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via the system album name and description of the location.
Piwigo Piwigo 11.5.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »