Vulmon
piwigo vulnerabilities and exploits
8.8
CVSSv3
CVE-2023-26876
SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote malicious user to execute arbitrary code via the filter_user_id parameter to the admin.php?page=history&filter_image_id=&filter_user_id endpoint.
Piwigo Piwigo
1 Metasploit module
6.1
CVSSv3
CVE-2016-10513
Cross Site Scripting (XSS) exists in Piwigo prior to 2.8.3 via a crafted search expression to include/functions_search.inc.php.
Piwigo Piwigo
NA
CVE-2009-2933
SQL injection vulnerability in comments.php in Piwigo prior to 2.0.3 allows remote malicious users to execute arbitrary SQL commands via the items_number parameter.
Piwigo Piwigo
4.3
CVSSv3
CVE-2023-34626
Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function.
Piwigo Piwigo
6.5
CVSSv3
CVE-2016-10514
url_check_format in include/functions.inc.php in Piwigo prior to 2.8.3 allows remote malicious users to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring.
Piwigo Piwigo
5.4
CVSSv3
CVE-2022-48007
A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent.
Piwigo Piwigo 13.4.0
8.8
CVSSv3
CVE-2021-40317
Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter.
Piwigo Piwigo 11.5.0
8.8
CVSSv3
CVE-2021-40553
Piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor.
Piwigo Piwigo 11.5.0
8.8
CVSSv3
CVE-2017-17774
admin/configuration.php in Piwigo 2.9.2 has CSRF.
Piwigo Piwigo 2.9.2
5.4
CVSSv3
CVE-2018-7722
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible.
Piwigo Piwigo 2.9.3