Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
piwigo piwigo vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2018-7722
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible.
Piwigo Piwigo 2.9.3
445
VMScore
CVE-2022-26267
Piwigo v12.2.0 exists to contain an information leak via the action parameter in /admin/maintenance_actions.php.
Piwigo Piwigo 12.2.0
312
VMScore
CVE-2021-40678
In Piwigo 11.5.0, there exists a persistent cross-site scripting in the single mode function through /admin.php?page=batch_manager&mode=unit.
Piwigo Piwigo 11.5.0
605
VMScore
CVE-2017-17827
Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration§ion=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions.
Piwigo Piwigo 2.9.2
609
VMScore
CVE-2019-13364
admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF.
Piwigo Piwigo 2.9.5
NA
CVE-2023-33359
Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the "add tags" function.
Piwigo Piwigo 13.6.0
NA
CVE-2023-33362
Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function.
Piwigo Piwigo 13.6.0
NA
CVE-2023-51790
Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote malicious user to obtain sensitive information via the lang parameter in the Admin Tools plug-in component.
Piwigo Piwigo 14.0.0
356
VMScore
CVE-2020-19212
SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, via the group parameter to delete.
Piwigo Piwigo 2.9.5
NA
CVE-2023-33361
Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php.
Piwigo Piwigo 13.6.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »