Vulnerabilities > Piwigo

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-06 | CVE-2018-7723 | Cross-site Scripting vulnerability in Piwigo 2.9.3. The management panel in Piwigo 2.9.3 has stored XSS via the virtual_name parameter in a /admin.php?page=cat_list request, a different issue than CVE-2017-9836. | network; piwigo CWE-79; 3.5 |
| 2018-03-06 | CVE-2018-7722 | Cross-site Scripting vulnerability in Piwigo 2.9.3. The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. | network; piwigo CWE-79; 3.5 |
| 2018-02-24 | CVE-2018-6883 | SQL Injection vulnerability in Piwigo. Piwigo before 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. | network; low complexity; piwigo CWE-89; 4.0 |
| 2018-01-14 | CVE-2018-5692 | Cross-site Scripting vulnerability in Piwigo 2.8.2. Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file. | network; piwigo CWE-79; 4.3 |
| 2017-12-21 | CVE-2017-17827 | Cross-Site Request Forgery (CSRF) vulnerability in Piwigo 2.9.2. Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batch_manager&mode=unit. | network; piwigo CWE-352; 6.8 |
| 2017-12-21 | CVE-2017-17826 | Cross-site Scripting vulnerability in Piwigo 2.9.2. The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.php?page=configuration&section=main request. | network; piwigo CWE-79; 4.3 |
| 2017-12-21 | CVE-2017-17825 | Cross-site Scripting vulnerability in Piwigo 2.9.2. The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. | network; piwigo CWE-79; 3.5 |
| 2017-12-21 | CVE-2017-17824 | SQL Injection vulnerability in Piwigo 2.9.2. The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. | network; low complexity; piwigo CWE-89; 4.0 |
| 2017-12-21 | CVE-2017-17823 | SQL Injection vulnerability in Piwigo 2.9.2. The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. | network; low complexity; piwigo CWE-89; 4.0 |
| 2017-12-21 | CVE-2017-17822 | SQL Injection vulnerability in Piwigo 2.9.2. The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. | network; low complexity; piwigo CWE-89; 4.0 |