Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
piwigo vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv3
CVE-2017-17824
The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database.
Piwigo Piwigo 2.9.2
4.8
CVSSv3
CVE-2017-17825
The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the data stored in it.
Piwigo Piwigo 2.9.2
6.1
CVSSv3
CVE-2017-17826
The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.php?page=configuration§ion=main request. An attacker can exploit this to hijack a client's browser along with the data stored in i...
Piwigo Piwigo 2.9.2
8.8
CVSSv3
CVE-2017-17827
Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration§ion=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions.
Piwigo Piwigo 2.9.2
6.1
CVSSv3
CVE-2018-5692
Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file.
Piwigo Piwigo 2.8.2
9.6
CVSSv3
CVE-2019-13363
admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send&am...
Piwigo Piwigo 2.9.5
8.8
CVSSv3
CVE-2020-19215
SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=user_perm.
Piwigo Piwigo 2.9.5
6.1
CVSSv3
CVE-2022-37183
Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list.
Piwigo Piwigo 12.3.0
6.1
CVSSv3
CVE-2016-9751
Cross-site scripting (XSS) vulnerability in the search results front end in Piwigo 2.8.3 allows remote malicious users to inject arbitrary web script or HTML via the search parameter.
Piwigo Piwigo 2.8.3
5.4
CVSSv3
CVE-2022-48007
A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent.
Piwigo Piwigo 13.4.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »