Vulnerabilities (CVE)

Filtered by vendor Piwigo Subscribe

Filtered by product Piwigo

Total 88 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2012-4526	1 Piwigo	1 Piwigo	2024-11-21	4.3 MEDIUM	6.1 MEDIUM
piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)
CVE-2012-4525	1 Piwigo	1 Piwigo	2024-11-21	4.3 MEDIUM	6.1 MEDIUM
piwigo has XSS in password.php
CVE-2012-2209	1 Piwigo	1 Piwigo	2024-11-21	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3) theme parameter in the theme module.
CVE-2012-2208	1 Piwigo	1 Piwigo	2024-11-21	7.5 HIGH	N/A
Directory traversal vulnerability in upgrade.php in Piwigo before 2.3.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
CVE-2011-3790	1 Piwigo	1 Piwigo	2024-11-21	5.0 MEDIUM	N/A
Piwigo 2.1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/metadata.php and certain other files.
CVE-2010-1707	1 Piwigo	1 Piwigo	2024-11-21	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Piwigo 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) login and (2) mail_address parameters.
CVE-2009-4039	1 Piwigo	1 Piwigo	2024-11-21	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in Piwigo before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-2933	1 Piwigo	1 Piwigo	2024-11-21	7.5 HIGH	N/A
SQL injection vulnerability in comments.php in Piwigo before 2.0.3 allows remote attackers to execute arbitrary SQL commands via the items_number parameter.

«
1
2
3
4
5
»