Vulnerabilities > Piwigo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-06 | CVE-2014-125053 | SQL Injection vulnerability in Piwigo Guestbook A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. | 9.8 |
| 2022-08-31 | CVE-2022-37183 | Cross-site Scripting vulnerability in Piwigo 12.3.0 Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list. | 6.1 |
| 2022-07-14 | CVE-2022-32297 | SQL Injection vulnerability in Piwigo Piwigo v12.2.0 was discovered to contain SQL injection vulnerability via the Search function. | 7.5 |
| 2022-06-28 | CVE-2021-40553 | Code Injection vulnerability in Piwigo 11.5.0 piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor. | 8.8 |
| 2022-06-14 | CVE-2021-40678 | Cross-site Scripting vulnerability in Piwigo 11.5.0 In Piwigo 11.5.0, there exists a persistent cross-site scripting in the single mode function through /admin.php?page=batch_manager&mode=unit. | 5.4 |
| 2022-05-26 | CVE-2021-40317 | SQL Injection vulnerability in Piwigo 11.5.0 Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter. | 8.8 |
| 2022-05-06 | CVE-2020-19212 | SQL Injection vulnerability in Piwigo 2.9.5 SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, via the group parameter to delete. | 4.9 |
| 2022-05-06 | CVE-2020-19213 | SQL Injection vulnerability in Piwigo 2.9.5 SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the selection parameter to move_categories. | 9.8 |
| 2022-05-06 | CVE-2020-19215 | SQL Injection vulnerability in Piwigo 2.9.5 SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=user_perm. | 8.8 |
| 2022-05-06 | CVE-2020-19216 | SQL Injection vulnerability in Piwigo 2.9.5 SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=group_perm. | 8.8 |