Vulnerabilities > Piwigo > Piwigo > 2.4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-16 | CVE-2014-4613 | Cross-Site Request Forgery (CSRF) vulnerability in Piwigo Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php. | 4.3 |
| 2018-02-24 | CVE-2018-6883 | SQL Injection vulnerability in Piwigo Piwigo before 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. | 4.0 |
| 2017-12-01 | CVE-2017-16893 | SQL Injection vulnerability in Piwigo The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. | 4.0 |
| 2017-10-10 | CVE-2016-10514 | Improper Access Control vulnerability in Piwigo url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring. | 4.3 |
| 2017-10-10 | CVE-2016-10513 | Cross-site Scripting vulnerability in Piwigo Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functions_search.inc.php. | 4.3 |
| 2017-06-29 | CVE-2017-10682 | SQL Injection vulnerability in Piwigo SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php. | 7.5 |
| 2017-06-29 | CVE-2017-10681 | Cross-Site Request Forgery (CSRF) vulnerability in Piwigo Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request. | 6.8 |
| 2017-06-29 | CVE-2017-10680 | Cross-Site Request Forgery (CSRF) vulnerability in Piwigo Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted request. | 6.8 |
| 2017-06-29 | CVE-2017-10679 | Information Exposure vulnerability in Piwigo Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. | 5.0 |
| 2017-06-29 | CVE-2017-10678 | Cross-Site Request Forgery (CSRF) vulnerability in Piwigo Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to delete permalinks via a crafted request. | 6.8 |