Filtered by vendor Piwigo
Subscriptions
Filtered by product Piwigo
Subscriptions
Total
97 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-10085 | 1 Piwigo | 1 Piwigo | 2025-04-12 | N/A |
| admin/languages.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the tab parameter. | ||||
| CVE-2016-10084 | 1 Piwigo | 1 Piwigo | 2025-04-12 | N/A |
| admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter). | ||||
| CVE-2016-10105 | 1 Piwigo | 1 Piwigo | 2025-04-12 | N/A |
| admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence. | ||||
| CVE-2016-10083 | 1 Piwigo | 1 Piwigo | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo through 2.8.3 allows remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in a certain error case. | ||||
| CVE-2014-9115 | 1 Piwigo | 1 Piwigo | 2025-04-12 | N/A |
| SQL injection vulnerability in the rate_picture function in include/functions_rate.inc.php in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary SQL commands via the rate parameter to picture.php, related to an improper data type in a comparison of a non-numeric value that begins with a digit. | ||||
| CVE-2014-4614 | 1 Piwigo | 1 Piwigo | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the (1) pwg.groups.addUser, (2) pwg.groups.deleteUser, (3) pwg.groups.setInfo, (4) pwg.users.setInfo, (5) pwg.permissions.add, or (6) pwg.permissions.remove method. | ||||
| CVE-2014-4648 | 1 Piwigo | 1 Piwigo | 2025-04-12 | N/A |
| Unspecified vulnerability in Piwigo before 2.6.3 has unknown impact and attack vectors, related to a "security failure." | ||||
| CVE-2011-3790 | 1 Piwigo | 1 Piwigo | 2025-04-11 | N/A |
| Piwigo 2.1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/metadata.php and certain other files. | ||||
| CVE-2013-1469 | 1 Piwigo | 1 Piwigo | 2025-04-11 | N/A |
| Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter. | ||||
| CVE-2013-1468 | 1 Piwigo | 1 Piwigo | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors. | ||||
| CVE-2010-1707 | 1 Piwigo | 1 Piwigo | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in register.php in Piwigo 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) login and (2) mail_address parameters. | ||||
| CVE-2012-2209 | 1 Piwigo | 1 Piwigo | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3) theme parameter in the theme module. | ||||
| CVE-2012-2208 | 1 Piwigo | 1 Piwigo | 2025-04-11 | N/A |
| Directory traversal vulnerability in upgrade.php in Piwigo before 2.3.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | ||||
| CVE-2009-4039 | 1 Piwigo | 1 Piwigo | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Piwigo before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-2933 | 1 Piwigo | 1 Piwigo | 2025-04-09 | N/A |
| SQL injection vulnerability in comments.php in Piwigo before 2.0.3 allows remote attackers to execute arbitrary SQL commands via the items_number parameter. | ||||
| CVE-2022-48007 | 1 Piwigo | 1 Piwigo | 2025-03-28 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent. | ||||
| CVE-2023-26876 | 1 Piwigo | 1 Piwigo | 2025-02-13 | 8.8 High |
| SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filter_user_id parameter to the admin.php?page=history&filter_image_id=&filter_user_id endpoint. | ||||
| CVE-2023-33359 | 1 Piwigo | 1 Piwigo | 2025-01-31 | 4.3 Medium |
| Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the "add tags" function. | ||||
| CVE-2023-33361 | 1 Piwigo | 1 Piwigo | 2025-01-31 | 9.8 Critical |
| Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php. | ||||
| CVE-2023-27233 | 1 Piwigo | 1 Piwigo | 2025-01-22 | 8.8 High |
| Piwigo before 13.6.0 was discovered to contain a SQL injection vulnerability via the order[0][dir] parameter at user_list_backend.php. | ||||