Vulnerabilities > Piwigo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-18 | CVE-2022-26266 | SQL Injection vulnerability in Piwigo 12.2.0 Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php. | 6.5 |
| 2022-03-18 | CVE-2022-26267 | Missing Authentication for Critical Function vulnerability in Piwigo 12.2.0 Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php. | 7.5 |
| 2022-02-24 | CVE-2022-24620 | Cross-site Scripting vulnerability in Piwigo 12.2.0 Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. | 3.5 |
| 2022-02-10 | CVE-2021-45357 | Cross-site Scripting vulnerability in Piwigo Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the pwg_activity function in include/functions.inc.php. | 4.3 |
| 2022-01-28 | CVE-2016-3735 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Piwigo Piwigo is image gallery software written in PHP. | 8.1 |
| 2021-12-14 | CVE-2021-40882 | Cross-site Scripting vulnerability in Piwigo 11.5.0 A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via the system album name and description of the location. | 4.3 |
| 2021-12-06 | CVE-2021-40313 | SQL Injection vulnerability in Piwigo 11.5.0 Piwigo v11.5 was discovered to contain a SQL injection vulnerability via the parameter pwg_token in /admin/batch_manager_global.php. | 6.5 |
| 2021-07-21 | CVE-2020-22148 | Cross-site Scripting vulnerability in Piwigo 2.10.1 A stored cross site scripting (XSS) vulnerability in /admin.php?page=tags of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML. | 4.3 |
| 2021-07-21 | CVE-2020-22150 | Cross-site Scripting vulnerability in Piwigo 2.10.1 A cross site scripting (XSS) vulnerability in /admin.php?page=permalinks of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML. | 4.3 |
| 2021-05-13 | CVE-2021-32615 | SQL Injection vulnerability in Piwigo 11.4.0 Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Injection. | 7.5 |