Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
piwigo piwigo vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2021-40678
In Piwigo 11.5.0, there exists a persistent cross-site scripting in the single mode function through /admin.php?page=batch_manager&mode=unit.
Piwigo Piwigo 11.5.0
4.9
CVSSv3
CVE-2020-19212
SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, via the group parameter to delete.
Piwigo Piwigo 2.9.5
9.8
CVSSv3
CVE-2020-19213
SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the selection parameter to move_categories.
Piwigo Piwigo 2.9.5
8.8
CVSSv3
CVE-2020-19215
SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=user_perm.
Piwigo Piwigo 2.9.5
8.8
CVSSv3
CVE-2020-19216
SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=group_perm.
Piwigo Piwigo 2.9.5
8.8
CVSSv3
CVE-2020-19217
SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9.5, via the filter_category parameter to admin.php?page=batch_manager.
Piwigo Piwigo 2.9.5
5.3
CVSSv3
CVE-2014-8940
Lexiglot through 2014-11-20 allows remote malicious users to obtain sensitive information (names and details of projects) by visiting the /update.log URI.
Piwigo Lexiglot
8.8
CVSSv3
CVE-2014-8943
Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter.
Piwigo Lexiglot
9.8
CVSSv3
CVE-2014-125053
A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has been declared as critical. This vulnerability affects unknown code of the file include/guestbook.inc.php of the component Navigation Bar. The manipulation of the argument start leads to sql injection. Upgrading to...
Piwigo Guestbook
7.5
CVSSv3
CVE-2014-8937
Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources.
Piwigo Lexiglot
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »