Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
piwigo vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2014-4648
Unspecified vulnerability in Piwigo prior to 2.6.3 has unknown impact and attack vectors, related to a "security failure."
Piwigo Piwigo
Piwigo Piwigo 2.6.1
Piwigo Piwigo 2.6.0
383
VMScore
CVE-2012-4525
piwigo has XSS in password.php
Piwigo Piwigo 2.3.1
Piwigo Piwigo
383
VMScore
CVE-2012-4526
piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)
Piwigo Piwigo 2.3.1
Piwigo Piwigo
NA
CVE-2023-44393
Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the` /admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here]` page. This vulnerability can be exploited by an malicio...
Piwigo Piwigo 14.0.0
Piwigo Piwigo
383
VMScore
CVE-2016-10513
Cross Site Scripting (XSS) exists in Piwigo prior to 2.8.3 via a crafted search expression to include/functions_search.inc.php.
Piwigo Piwigo
383
VMScore
CVE-2016-10514
url_check_format in include/functions.inc.php in Piwigo prior to 2.8.3 allows remote malicious users to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring.
Piwigo Piwigo
578
VMScore
CVE-2015-2035
SQL injection vulnerability in the administrative backend in Piwigo prior to 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php.
Piwigo Piwigo
356
VMScore
CVE-2018-6883
Piwigo prior to 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. The attacker must be an administrator.
Piwigo Piwigo
356
VMScore
CVE-2017-16893
The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. This vulnerability allows remote authenticated malicious users to obtain information in the context of the user used by the application to retrieve data from the database. ta...
Piwigo Piwigo
383
VMScore
CVE-2017-5608
Cross-site scripting (XSS) vulnerability in the image upload function in Piwigo prior to 2.8.6 allows remote malicious users to inject arbitrary web script or HTML via a crafted image filename.
Piwigo Piwigo
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »