Vulnerabilities > Piwigo
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-12-21 | CVE-2017-17822 | SQL Injection vulnerability in Piwigo 2.9.2 | The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. | 4.9 |
2017-12-20 | CVE-2017-17775 | Cross-site Scripting vulnerability in Piwigo 2.9.2 | Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request. | 6.1 |
2017-12-20 | CVE-2017-17774 | Cross-Site Request Forgery (CSRF) vulnerability in Piwigo 2.9.2 | admin/configuration.php in Piwigo 2.9.2 has CSRF. | 8.8 |
2017-12-01 | CVE-2017-16893 | SQL Injection vulnerability in Piwigo | The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. | 6.5 |
2017-10-10 | CVE-2016-10514 | Improper Access Control vulnerability in Piwigo | url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring. | 6.5 |
2017-10-10 | CVE-2016-10513 | Cross-site Scripting vulnerability in Piwigo | Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functions_search.inc.php. | 6.1 |
2017-06-29 | CVE-2017-10682 | SQL Injection vulnerability in Piwigo | SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php. | 9.8 |
2017-06-29 | CVE-2017-10681 | Cross-Site Request Forgery (CSRF) vulnerability in Piwigo | Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request. | 8.8 |
2017-06-29 | CVE-2017-10680 | Cross-Site Request Forgery (CSRF) vulnerability in Piwigo | Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted request. | 8.8 |
2017-06-29 | CVE-2017-10679 | Information Exposure vulnerability in Piwigo | Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. | 7.5 |