Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
piwigo vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2018-7724
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-${photo_number} request. CSRF exploitation, related to CVE-2017-10681, may be possible.
Piwigo Piwigo 2.9.3
NA
CVE-2023-33359
Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the "add tags" function.
Piwigo Piwigo 13.6.0
NA
CVE-2023-33361
Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php.
Piwigo Piwigo 13.6.0
NA
CVE-2023-33362
Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function.
Piwigo Piwigo 13.6.0
3.5
CVSSv2
CVE-2017-9836
Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtual_name parameter to /admin.php (i.e., creating a virtual album).
Piwigo Piwigo 2.9.1
3.5
CVSSv2
CVE-2020-8089
Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page.
Piwigo Piwigo 2.10.1
5
CVSSv2
CVE-2014-8937
Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources.
Piwigo Lexiglot
2.1
CVSSv2
CVE-2014-8938
Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line.
Piwigo Lexiglot
4.3
CVSSv2
CVE-2014-8939
Lexiglot through 2014-11-20 allows remote malicious users to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages.
Piwigo Lexiglot
5
CVSSv2
CVE-2014-8940
Lexiglot through 2014-11-20 allows remote malicious users to obtain sensitive information (names and details of projects) by visiting the /update.log URI.
Piwigo Lexiglot
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »