Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
piwigo vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2017-9836
Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtual_name parameter to /admin.php (i.e., creating a virtual album).
Piwigo Piwigo 2.9.1
8.8
CVSSv3
CVE-2021-40313
Piwigo v11.5 exists to contain a SQL injection vulnerability via the parameter pwg_token in /admin/batch_manager_global.php.
Piwigo Piwigo 11.5.0
8.8
CVSSv3
CVE-2021-40317
Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter.
Piwigo Piwigo 11.5.0
5.4
CVSSv3
CVE-2018-7723
The management panel in Piwigo 2.9.3 has stored XSS via the virtual_name parameter in a /admin.php?page=cat_list request, a different issue than CVE-2017-9836. CSRF exploitation, related to CVE-2017-10681, may be possible.
Piwigo Piwigo 2.9.3
5.4
CVSSv3
CVE-2018-7724
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-${photo_number} request. CSRF exploitation, related to CVE-2017-10681, may be possible.
Piwigo Piwigo 2.9.3
NA
CVE-2011-3790
Piwigo 2.1.5 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/metadata.php and certain other files.
Piwigo Piwigo 2.1.5
6.1
CVSSv3
CVE-2018-5692
Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file.
Piwigo Piwigo 2.8.2
8.8
CVSSv3
CVE-2017-17774
admin/configuration.php in Piwigo 2.9.2 has CSRF.
Piwigo Piwigo 2.9.2
6.1
CVSSv3
CVE-2017-17775
Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request.
Piwigo Piwigo 2.9.2
4.8
CVSSv3
CVE-2017-17825
The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the data stored in it.
Piwigo Piwigo 2.9.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »