piwigo vulnerabilities and exploits
3.5
CVSSv2
CVE-2018-7724
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-${photo_number} request. CSRF exploitation, related to CVE-2017-10681, may be possible....
Piwigo Piwigo 2.9.3
6.5
CVSSv2
CVE-2016-10084
admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter)....
Piwigo Piwigo
7.5
CVSSv2
CVE-2009-2933
SQL injection vulnerability in comments.php in Piwigo before 2.0.3 allows remote attackers to execute arbitrary SQL commands via the items_number parameter....
Piwigo Piwigo
4
CVSSv2
CVE-2017-16893
The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database....
Piwigo Piwigo
4.3
CVSSv2
CVE-2014-4613
Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php....
Piwigo Piwigo
1 EDB exploit available
3.5
CVSSv2
CVE-2017-9836
Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtual_name parameter to /admin.php (i.e., creating a virtual album)....
Piwigo Piwigo 2.9.1
6.8
CVSSv2
CVE-2019-13363
admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content,...
Piwigo Piwigo 2.9.5
9 Github repositories available
6.8
CVSSv2
CVE-2017-17774
admin/configuration.php in Piwigo 2.9.2 has CSRF....
Piwigo Piwigo 2.9.2
4.3
CVSSv2
CVE-2017-17826
The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.php?page=configuration&section=main request. An attacker can exploit this to hijack a client's browser along with the data stored in...
Piwigo Piwigo 2.9.2
4
CVSSv2
CVE-2017-9463
The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The...
Piwigo Piwigo