Vulnerabilities > Piwigo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-06 | CVE-2020-19217 | SQL Injection vulnerability in Piwigo 2.9.5 SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9.5, via the filter_category parameter to admin.php?page=batch_manager. | 8.8 |
| 2022-03-18 | CVE-2022-26266 | SQL Injection vulnerability in Piwigo 12.2.0 Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php. | 8.8 |
| 2022-03-18 | CVE-2022-26267 | Missing Authentication for Critical Function vulnerability in Piwigo 12.2.0 Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php. | 7.5 |
| 2022-02-24 | CVE-2022-24620 | Cross-site Scripting vulnerability in Piwigo 12.2.0 Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. | 5.4 |
| 2022-02-10 | CVE-2021-45357 | Cross-site Scripting vulnerability in Piwigo 12.0.0/12.1.0 Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the pwg_activity function in include/functions.inc.php. | 6.1 |
| 2022-01-28 | CVE-2016-3735 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Piwigo Piwigo is image gallery software written in PHP. | 8.1 |
| 2021-12-14 | CVE-2021-40882 | Cross-site Scripting vulnerability in Piwigo 11.5.0 A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via the system album name and description of the location. | 6.1 |
| 2021-12-06 | CVE-2021-40313 | SQL Injection vulnerability in Piwigo 11.5.0 Piwigo v11.5 was discovered to contain a SQL injection vulnerability via the parameter pwg_token in /admin/batch_manager_global.php. | 8.8 |
| 2021-07-21 | CVE-2020-22148 | Cross-site Scripting vulnerability in Piwigo 2.10.1 A stored cross site scripting (XSS) vulnerability in /admin.php?page=tags of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML. | 6.1 |
| 2021-07-21 | CVE-2020-22150 | Cross-site Scripting vulnerability in Piwigo 2.10.1 A cross site scripting (XSS) vulnerability in /admin.php?page=permalinks of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML. | 6.1 |