Vulnerabilities > Piwigo

DATE CVE VULNERABILITY TITLE RISK
2013-03-13 CVE-2013-1469 Path Traversal vulnerability in Piwigo
Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a ..
network
high complexity
piwigo CWE-22
4.0
2012-08-14 CVE-2012-2209 Cross-Site Scripting vulnerability in Piwigo
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3) theme parameter in the theme module.
network
piwigo CWE-79
4.3
2012-08-14 CVE-2012-2208 Path Traversal vulnerability in Piwigo
Directory traversal vulnerability in upgrade.php in Piwigo before 2.3.4 allows remote attackers to include and execute arbitrary local files via a ..
network
low complexity
piwigo CWE-22
7.5
2011-09-24 CVE-2011-3790 Information Exposure vulnerability in Piwigo 2.1.5
Piwigo 2.1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/metadata.php and certain other files.
network
low complexity
piwigo CWE-200
5.0
2010-05-04 CVE-2010-1707 Cross-Site Scripting vulnerability in Piwigo
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Piwigo 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) login and (2) mail_address parameters.
network
piwigo CWE-79
4.3
2009-11-20 CVE-2009-4039 Cross-Site Scripting vulnerability in Piwigo
Cross-site scripting (XSS) vulnerability in Piwigo before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
piwigo CWE-79
4.3
2009-08-21 CVE-2009-2933 SQL Injection vulnerability in Piwigo
SQL injection vulnerability in comments.php in Piwigo before 2.0.3 allows remote attackers to execute arbitrary SQL commands via the items_number parameter.
network
low complexity
piwigo CWE-89
7.5