Piwigo

All CVEs

107 total · sorted by risk
  • CVE-2014-4614 · Jul 2, 2014
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the (1) pwg.groups.addUser, (2) pwg.groups.deleteUser, (3) pwg.groups.setInfo, (4) pwg.users.setInfo, (5)…

  • CVE-2014-4649 · Jun 28, 2014
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field.

  • CVE-2014-4648 · Jun 28, 2014
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in Piwigo before 2.6.3 has unknown impact and attack vectors, related to a "security failure."

  • CVE-2011-3790 · Sep 24, 2011
    risk 0.00 · cvss · epss 0.01

    Piwigo 2.1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/metadata.php and certain other files.

  • CVE-2010-1707 · May 4, 2010
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in register.php in Piwigo 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) login and (2) mail_address parameters.

  • CVE-2009-4039 · Nov 20, 2009
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in Piwigo before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-2933 · Aug 21, 2009
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in comments.php in Piwigo before 2.0.3 allows remote attackers to execute arbitrary SQL commands via the items_number parameter.

Page 3 of 3