Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
piwigo vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2017-10680
Cross-site request forgery (CSRF) vulnerability in Piwigo up to and including 2.9.1 allows remote malicious users to hijack the authentication of users for requests to change a private album to public via a crafted request.
Piwigo Piwigo
6.8
CVSSv2
CVE-2017-10681
Cross-site request forgery (CSRF) vulnerability in Piwigo up to and including 2.9.1 allows remote malicious users to hijack the authentication of users for requests to unlock albums via a crafted request.
Piwigo Piwigo
7.5
CVSSv2
CVE-2017-10682
SQL injection vulnerability in the administrative backend in Piwigo up to and including 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php.
Piwigo Piwigo
1 EDB exploit
5.1
CVSSv2
CVE-2022-32297
Piwigo v12.2.0 exists to contain SQL injection vulnerability via the Search function.
Piwigo Piwigo
7.5
CVSSv2
CVE-2009-2933
SQL injection vulnerability in comments.php in Piwigo prior to 2.0.3 allows remote malicious users to execute arbitrary SQL commands via the items_number parameter.
Piwigo Piwigo
4.3
CVSSv2
CVE-2016-10083
Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo up to and including 2.8.3 allows remote malicious users to inject arbitrary web script or HTML via a crafted filename that is mishandled in a certain error case.
Piwigo Piwigo
6.5
CVSSv2
CVE-2016-10084
admin/batch_manager.php in Piwigo up to and including 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter).
Piwigo Piwigo
6.5
CVSSv2
CVE-2016-10085
admin/languages.php in Piwigo up to and including 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the tab parameter.
Piwigo Piwigo
7.5
CVSSv2
CVE-2016-10105
admin/plugin.php in Piwigo up to and including 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence.
Piwigo Piwigo
3.5
CVSSv2
CVE-2017-9452
Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the page parameter.
Piwigo Piwigo
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »