Vulmon
piwigo piwigo vulnerabilities and exploits
10
CVSSv2
CVE-2014-4648
Unspecified vulnerability in Piwigo prior to 2.6.3 has unknown impact and attack vectors, related to a "security failure."
Piwigo Piwigo
Piwigo Piwigo 2.6.1
Piwigo Piwigo 2.6.0
7.6
CVSSv2
CVE-2013-1468
Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo prior to 2.4.7 allows remote malicious users to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors.
Piwigo Piwigo 1.6.2
Piwigo Piwigo 1.3.1
Piwigo Piwigo 2.2.5
Piwigo Piwigo 2.0.7
Piwigo Piwigo 2.1.2
Piwigo Piwigo 2.0.6
Piwigo Piwigo 2.0.9
Piwigo Piwigo 2.0.0
Piwigo Piwigo 2.1.4
Piwigo Piwigo 2.3.4
Piwigo Piwigo 1.0.0
Piwigo Piwigo 2.4.0
Piwigo Piwigo 2.1.5
Piwigo Piwigo 1.2.1
Piwigo Piwigo 2.0.2
Piwigo Piwigo 2.3.1
Piwigo Piwigo 2.0.1
Piwigo Piwigo 2.2.2
Piwigo Piwigo 1.1.0
Piwigo Piwigo 2.0.8
Piwigo Piwigo 2.2.0
Piwigo Piwigo 2.4.1
1 EDB exploit
7.5
CVSSv2
CVE-2020-19213
SQL injection vulnerability in cat_move.php in Piwigo v2.9.5, via the selection parameter to move_categories.
Piwigo Piwigo 2.9.5
7.5
CVSSv2
CVE-2021-32615
Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Injection.
Piwigo Piwigo 11.4.0
7.5
CVSSv2
CVE-2014-8941
Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI.
Piwigo Lexiglot
7.5
CVSSv2
CVE-2014-8945
admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields.
Piwigo Lexiglot
7.5
CVSSv2
CVE-2017-9426
ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action.
Facetag Project Facetag 0.0.3
7.5
CVSSv2
CVE-2017-10682
SQL injection vulnerability in the administrative backend in Piwigo up to and including 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php.
Piwigo Piwigo
1 EDB exploit
7.5
CVSSv2
CVE-2016-10105
admin/plugin.php in Piwigo up to and including 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence.
Piwigo Piwigo
7.5
CVSSv2
CVE-2015-1441
SQL injection vulnerability in Piwigo prior to 2.5.6, 2.6.x prior to 2.6.5, and 2.7.x prior to 2.7.3 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Piwigo Piwigo 2.6.3
Piwigo Piwigo 2.7.0
Piwigo Piwigo
Piwigo Piwigo 2.7.1
Piwigo Piwigo 2.6.4
Piwigo Piwigo 2.6.1
Piwigo Piwigo 2.6.0
Piwigo Piwigo 2.7.2
Piwigo Piwigo 2.6.2