Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
piwigo piwigo vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-28662
A Cross Site Scripting vulnerability exists in Piwigo prior to 14.3.0 script because of missing sanitization in create_tag in admin/include/functions.php.
NA
CVE-2024-26450
An issue exists within Piwigo before v.14.2.0 allowing a malicious user to take over the application. This exploit involves chaining a Cross Site Request Forgery vulnerability to issue a Stored Cross Site Scripting payload stored within an Admin user's dashboard, executing r...
6.1
CVSSv3
CVE-2023-51790
Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote malicious user to obtain sensitive information via the lang parameter in the Admin Tools plug-in component.
Piwigo Piwigo 14.0.0
6.1
CVSSv3
CVE-2023-44393
Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the` /admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here]` page. This vulnerability can be exploited by an malicio...
Piwigo Piwigo 14.0.0
Piwigo Piwigo
8.8
CVSSv3
CVE-2023-37270
Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when lo...
Piwigo Piwigo
4.3
CVSSv3
CVE-2023-34626
Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function.
Piwigo Piwigo
9.8
CVSSv3
CVE-2023-33362
Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function.
Piwigo Piwigo 13.6.0
4.3
CVSSv3
CVE-2023-33359
Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the "add tags" function.
Piwigo Piwigo 13.6.0
9.8
CVSSv3
CVE-2023-33361
Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php.
Piwigo Piwigo 13.6.0
8.8
CVSSv3
CVE-2023-27233
Piwigo prior to 13.6.0 exists to contain a SQL injection vulnerability via the order[0][dir] parameter at user_list_backend.php.
Piwigo Piwigo
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »