Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
piwigo vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2015-2034
Cross-site scripting (XSS) vulnerability in the administrative backend in Piwigo prior to 2.7.4 allows remote malicious users to inject arbitrary web script or HTML via the page parameter to admin.php.
Piwigo Piwigo
NA
CVE-2023-37270
Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when lo...
Piwigo Piwigo
755
VMScore
CVE-2012-2208
Directory traversal vulnerability in upgrade.php in Piwigo prior to 2.3.4 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
Piwigo Piwigo
1 EDB exploit
435
VMScore
CVE-2012-2209
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo prior to 2.3.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3)...
Piwigo Piwigo
1 EDB exploit
578
VMScore
CVE-2016-10085
admin/languages.php in Piwigo up to and including 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the tab parameter.
Piwigo Piwigo
605
VMScore
CVE-2016-3735
Piwigo is image gallery software written in PHP. When a criteria is not met on a host, piwigo defaults to usingmt_rand in order to generate password reset tokens. mt_rand output can be predicted after recovering the seed used to generate it. This low an unauthenticated malicious ...
Piwigo Piwigo
605
VMScore
CVE-2015-1517
SQL injection vulnerability in Piwigo prior to 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php.
Piwigo Piwigo
1 EDB exploit
668
VMScore
CVE-2009-2933
SQL injection vulnerability in comments.php in Piwigo prior to 2.0.3 allows remote malicious users to execute arbitrary SQL commands via the items_number parameter.
Piwigo Piwigo
516
VMScore
CVE-2017-9464
An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks. The identification.php component is affected by this issue: the "redirect" paramet...
Piwigo Piwigo
755
VMScore
CVE-2017-10682
SQL injection vulnerability in the administrative backend in Piwigo up to and including 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php.
Piwigo Piwigo
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »