Vulnerabilities > Piwigo

DATE	CVE	VULNERABILITY TITLE	RISK
2018-03-06	CVE-2018-7724	Cross-site Scripting vulnerability in Piwigo 2.9.3 The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-${photo_number} request. network low complexity piwigo CWE-79	5.4
2018-03-06	CVE-2018-7723	Cross-site Scripting vulnerability in Piwigo 2.9.3 The management panel in Piwigo 2.9.3 has stored XSS via the virtual_name parameter in a /admin.php?page=cat_list request, a different issue than CVE-2017-9836. network low complexity piwigo CWE-79	5.4
2018-03-06	CVE-2018-7722	Cross-site Scripting vulnerability in Piwigo 2.9.3 The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. network low complexity piwigo CWE-79	5.4
2018-02-24	CVE-2018-6883	SQL Injection vulnerability in Piwigo Piwigo before 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. network low complexity piwigo CWE-89	4.9
2018-01-14	CVE-2018-5692	Cross-site Scripting vulnerability in Piwigo 2.8.2 Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file. network low complexity piwigo CWE-79	6.1
2017-12-21	CVE-2017-17827	Cross-Site Request Forgery (CSRF) vulnerability in Piwigo 2.9.2 Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batch_manager&mode=unit. network low complexity piwigo CWE-352	8.8
2017-12-21	CVE-2017-17826	Cross-site Scripting vulnerability in Piwigo 2.9.2 The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.php?page=configuration&section=main request. network low complexity piwigo CWE-79	6.1
2017-12-21	CVE-2017-17825	Cross-site Scripting vulnerability in Piwigo 2.9.2 The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. network low complexity piwigo CWE-79	4.8
2017-12-21	CVE-2017-17824	SQL Injection vulnerability in Piwigo 2.9.2 The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. network low complexity piwigo CWE-89	4.9
2017-12-21	CVE-2017-17823	SQL Injection vulnerability in Piwigo 2.9.2 The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. network low complexity piwigo CWE-89	4.9

Vulnerabilities > Piwigo {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Piwigo"}]}

Vulnerabilities > Piwigo