Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
piwigo vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-22148
A stored cross site scripting (XSS) vulnerability in /admin.php?page=tags of Piwigo 2.10.1 allows malicious users to execute arbitrary web scripts or HTML.
Piwigo Piwigo 2.10.1
6.1
CVSSv3
CVE-2020-22150
A cross site scripting (XSS) vulnerability in /admin.php?page=permalinks of Piwigo 2.10.1 allows malicious users to execute arbitrary web scripts or HTML.
Piwigo Piwigo 2.10.1
5.4
CVSSv3
CVE-2018-7722
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible.
Piwigo Piwigo 2.9.3
5.4
CVSSv3
CVE-2018-7724
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-${photo_number} request. CSRF exploitation, related to CVE-2017-10681, may be possible.
Piwigo Piwigo 2.9.3
4.3
CVSSv3
CVE-2020-9468
The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter.
Piwigo Piwigo 2.9.0
5.4
CVSSv3
CVE-2018-7723
The management panel in Piwigo 2.9.3 has stored XSS via the virtual_name parameter in a /admin.php?page=cat_list request, a different issue than CVE-2017-9836. CSRF exploitation, related to CVE-2017-10681, may be possible.
Piwigo Piwigo 2.9.3
NA
CVE-2011-3790
Piwigo 2.1.5 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/metadata.php and certain other files.
Piwigo Piwigo 2.1.5
8.8
CVSSv3
CVE-2022-26266
Piwigo v12.2.0 exists to contain a SQL injection vulnerability via pwg.users.php.
Piwigo Piwigo 12.2.0
8.8
CVSSv3
CVE-2021-40553
piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor.
Piwigo Piwigo 11.5.0
7.5
CVSSv3
CVE-2022-26267
Piwigo v12.2.0 exists to contain an information leak via the action parameter in /admin/maintenance_actions.php.
Piwigo Piwigo 12.2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »