Filtered by vendor Piwigo
Subscriptions
Filtered by product Piwigo
Subscriptions
Total
97 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-9452 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
| CVE-2017-5608 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the image upload function in Piwigo before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via a crafted image filename. | ||||
| CVE-2017-17827 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration§ion=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions. | ||||
| CVE-2017-17825 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the data stored in it. | ||||
| CVE-2017-17822 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database. | ||||
| CVE-2017-17775 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request. | ||||
| CVE-2017-10679 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. The permalink ID numbers are easily guessed. | ||||
| CVE-2017-10680 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted request. | ||||
| CVE-2017-10681 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request. | ||||
| CVE-2017-17774 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| admin/configuration.php in Piwigo 2.9.2 has CSRF. | ||||
| CVE-2017-10678 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to delete permalinks via a crafted request. | ||||
| CVE-2023-33362 | 1 Piwigo | 1 Piwigo | 2025-04-16 | 9.8 Critical |
| Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function. | ||||
| CVE-2016-9751 | 1 Piwigo | 1 Piwigo | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the search results front end in Piwigo 2.8.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | ||||
| CVE-2016-10083 | 1 Piwigo | 1 Piwigo | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo through 2.8.3 allows remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in a certain error case. | ||||
| CVE-2014-3900 | 1 Piwigo | 1 Piwigo | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/picture_modify.php in the photo-edit subsystem in Piwigo 2.6.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the associate[] field, a different vulnerability than CVE-2014-4649. | ||||
| CVE-2015-2035 | 1 Piwigo | 1 Piwigo | 2025-04-12 | N/A |
| SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php. | ||||
| CVE-2015-2034 | 1 Piwigo | 1 Piwigo | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter to admin.php. | ||||
| CVE-2015-1517 | 1 Piwigo | 1 Piwigo | 2025-04-12 | N/A |
| SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php. | ||||
| CVE-2014-4649 | 1 Piwigo | 1 Piwigo | 2025-04-12 | N/A |
| SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field. | ||||
| CVE-2014-4648 | 1 Piwigo | 1 Piwigo | 2025-04-12 | N/A |
| Unspecified vulnerability in Piwigo before 2.6.3 has unknown impact and attack vectors, related to a "security failure." | ||||