Note:
This project will be discontinued after December 13, 2021.
Product: Piwigo (Piwigo)
Repositories | https://github.com/Piwigo/Piwigo |
#Vulnerabilities | 88 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-05-23 | CVE-2023-33362 | Piwigo 13.6.0 is vulnerable to SQL Injection via the "profile" function. | Piwigo | 9.8 | ||
2023-05-17 | CVE-2023-27233 | Piwigo before 13.6.0 was discovered to contain a SQL injection vulnerability via the order[0][dir] parameter at user_list_backend.php. | Piwigo | 8.8 | ||
2023-04-21 | CVE-2023-26876 | SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filter_user_id parameter to the admin.php?page=history&filter_image_id=&filter_user_id endpoint. | Piwigo | 8.8 | ||
2019-09-13 | CVE-2019-13363 | admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. This is exploitable via CSRF. | Piwigo | 9.6 | ||
2019-09-13 | CVE-2019-13364 | admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF. | Piwigo | 9.6 | ||
2023-01-27 | CVE-2022-48007 | A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent. | Piwigo | 5.4 | ||
2022-08-31 | CVE-2022-37183 | Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list. | Piwigo | 6.1 | ||
2022-07-14 | CVE-2022-32297 | Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via the Search function. | Piwigo | 7.5 | ||
2022-06-14 | CVE-2021-40678 | In Piwigo 11.5.0, there exists a persistent cross-site scripting vulnerability in the single mode function through /admin.php?page=batch_manager&mode=unit. | Piwigo | 5.4 | ||
2022-05-26 | CVE-2021-40317 | Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter. | Piwigo | 8.8 | ||