Product: Piwigo (Piwigo)
Repositories: https://github.com/Piwigo/Piwigo
#Vulnerabilities: 88
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-05-23 | CVE-2023-33362 | Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function. | Piwigo | 9.8 | | |
| 2023-05-17 | CVE-2023-27233 | Piwigo before 13.6.0 was discovered to contain a SQL injection vulnerability via the order[0][dir] parameter at user_list_backend.php. | Piwigo | 8.8 | | |
| 2023-04-21 | CVE-2023-26876 | SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filter_user_id parameter to the admin.php?page=history&filter_image_id=&filter_user_id endpoint. | Piwigo | 8.8 | | |
| 2019-09-13 | CVE-2019-13363 | admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. This is exploitable via CSRF. | Piwigo | 9.6 | | |
| 2019-09-13 | CVE-2019-13364 | admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF. | Piwigo | 9.6 | | |
| 2023-01-27 | CVE-2022-48007 | A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent. | Piwigo | 5.4 | | |
| 2022-08-31 | CVE-2022-37183 | Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list. | Piwigo | 6.1 | | |
| 2022-07-14 | CVE-2022-32297 | Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via the Search function. | Piwigo | 7.5 | | |
| 2022-06-14 | CVE-2021-40678 | In Piwigo 11.5.0, there exists persistent cross-site scripting in the single mode function through /admin.php?page=batch_manager&mode=unit. | Piwigo | 5.4 | | |
| 2022-05-26 | CVE-2021-40317 | Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter. | Piwigo | 8.8 | | |