Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
piwigo vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2014-8939
Lexiglot through 2014-11-20 allows remote malicious users to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages.
Piwigo Lexiglot
9.8
CVSSv3
CVE-2014-8941
Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI.
Piwigo Lexiglot
8.8
CVSSv3
CVE-2014-8942
Lexiglot through 2014-11-20 allows CSRF.
Piwigo Lexiglot
5.4
CVSSv3
CVE-2014-8944
Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter.
Piwigo Lexiglot
9.8
CVSSv3
CVE-2014-8945
admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields.
Piwigo Lexiglot
9.8
CVSSv3
CVE-2014-125053
A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has been declared as critical. This vulnerability affects unknown code of the file include/guestbook.inc.php of the component Navigation Bar. The manipulation of the argument start leads to sql injection. Upgrading to...
Piwigo Guestbook
NA
CVE-2014-1470
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2388. Reason: This candidate is a reservation duplicate of CVE-2014-2388. Notes: All CVE users should reference CVE-2014-2388 instead of this candidate. All references and descriptions in this candidate have ...
1 EDB exploit
7.2
CVSSv3
CVE-2021-27973
SQL injection exists in Piwigo prior to 11.4.0 via the language parameter to admin.php?page=languages.
NA
CVE-2012-22081
Piwigo version 2.3.3 suffers from cross site scripting and directory traversal vulnerabilities.
NA
CVE-2012-22092
Piwigo version 2.3.3 suffers from cross site scripting and directory traversal vulnerabilities.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »