Piwigo

by Piwigo

CVEs (107)

  • CVE-2023-37270 (Jul 7, 2023)
    risk 0.00 cvss epss 0.04

    Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when…

  • CVE-2023-34626 (Jun 15, 2023)
    risk 0.00 cvss epss 0.01

    Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function.

  • CVE-2023-33359 (May 23, 2023)
    risk 0.00 cvss epss 0.00

    Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the "add tags" function.

  • CVE-2023-33361 (May 23, 2023)
    risk 0.00 cvss epss 0.01

    Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php.

  • CVE-2023-27233 (May 17, 2023)
    risk 0.00 cvss epss 0.01

    Piwigo before 13.6.0 was discovered to contain a SQL injection vulnerability via the order[0][dir] parameter at user_list_backend.php.

  • CVE-2022-48007 (Jan 27, 2023)
    risk 0.00 cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent.

  • CVE-2014-125053 (Jan 6, 2023)
    risk 0.00 cvss epss 0.01

    A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has been declared as critical. This vulnerability affects unknown code of the file include/guestbook.inc.php of the component Navigation Bar. The manipulation of the argument start leads to SQL injection. Upgrading…

  • CVE-2022-37183 (Aug 31, 2022)
    risk 0.00 cvss epss 0.01

    Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list.

  • CVE-2022-32297 (Jul 14, 2022)
    risk 0.00 cvss epss 0.01

    Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via the Search function.

  • CVE-2021-40553 (Jun 28, 2022)
    risk 0.00 cvss epss 0.02

    Piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor.

  • CVE-2021-40678 (Jun 14, 2022)
    risk 0.00 cvss epss 0.00

    In Piwigo 11.5.0, there is a persistent cross-site scripting vulnerability in the single mode function through /admin.php?page=batch_manager&mode=unit.

  • CVE-2021-40317 (May 26, 2022)
    risk 0.00 cvss epss 0.01

    Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter.

  • CVE-2020-19217 (May 6, 2022)
    risk 0.00 cvss epss 0.01

    SQL Injection vulnerability in admin/batch_manager.php in Piwigo v2.9.5, via the filter_category parameter to admin.php?page=batch_manager.

  • CVE-2020-19216 (May 6, 2022)
    risk 0.00 cvss epss 0.01

    SQL Injection vulnerability in admin/user_perm.php in Piwigo v2.9.5, via the cat_false parameter to admin.php?page=group_perm.

  • CVE-2020-19215 (May 6, 2022)
    risk 0.00 cvss epss 0.01

    SQL Injection vulnerability in admin/user_perm.php in Piwigo v2.9.5, via the cat_false parameter to admin.php?page=user_perm.

  • CVE-2020-19213 (May 6, 2022)
    risk 0.00 cvss epss 0.16

    SQL Injection vulnerability in cat_move.php in Piwigo v2.9.5, via the selection parameter to move_categories.

  • CVE-2020-19212 (May 6, 2022)
    risk 0.00 cvss epss 0.01

    SQL Injection vulnerability in admin/group_list.php in Piwigo v2.9.5, via the group parameter to delete.

  • CVE-2022-26267 (Mar 18, 2022)
    risk 0.00 cvss epss 0.01

    Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php.

  • CVE-2022-26266 (Mar 18, 2022)
    risk 0.00 cvss epss 0.01

    Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php.

  • CVE-2022-24620 (Feb 23, 2022)
    risk 0.00 cvss epss 0.01

    Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. In this way, an admin can steal the webmaster's cookies to gain the webmaster's access.