Vulnerabilities > Piwigo

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-06 | CVE-2020-19212 | SQL Injection vulnerability in Piwigo 2.9.5. SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, via the group parameter to delete. (network; low complexity; piwigo; CWE-89) | 4.0 |
| 2022-05-06 | CVE-2020-19213 | SQL Injection vulnerability in Piwigo 2.9.5. SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the selection parameter to move_categories. (network; low complexity; piwigo; CWE-89) | 7.5 |
| 2022-05-06 | CVE-2020-19215 | SQL Injection vulnerability in Piwigo 2.9.5. SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=user_perm. (network; low complexity; piwigo; CWE-89) | 6.5 |
| 2022-05-06 | CVE-2020-19216 | SQL Injection vulnerability in Piwigo 2.9.5. SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=group_perm. (network; low complexity; piwigo; CWE-89) | 6.5 |
| 2022-05-06 | CVE-2020-19217 | SQL Injection vulnerability in Piwigo 2.9.5. SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9.5, via the filter_category parameter to admin.php?page=batch_manager. (network; low complexity; piwigo; CWE-89) | 6.5 |
| 2022-03-18 | CVE-2022-26266 | SQL Injection vulnerability in Piwigo 12.2.0. Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php. (network; low complexity; piwigo; CWE-89) | 6.5 |
| 2022-03-18 | CVE-2022-26267 | Exposure of Resource to Wrong Sphere vulnerability in Piwigo 12.2.0. Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php. (network; low complexity; piwigo; CWE-668) | 5.0 |
| 2022-02-24 | CVE-2022-24620 | Cross-site Scripting vulnerability in Piwigo 12.2.0. Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. (network; piwigo; CWE-79) | 3.5 |
| 2022-02-10 | CVE-2021-45357 | Cross-site Scripting vulnerability in Piwigo. Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the pwg_activity function in include/functions.inc.php. (network; piwigo; CWE-79) | 4.3 |
| 2022-01-28 | CVE-2016-3735 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Piwigo. Piwigo is image gallery software written in PHP. (network; piwigo; CWE-335) | 6.8 |