Vulnerabilities > Piwigo > Piwigo > 2.6.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-08-17 | CVE-2014-3900 | Cross-Site Scripting vulnerability in Piwigo Cross-site scripting (XSS) vulnerability in admin/picture_modify.php in the photo-edit subsystem in Piwigo 2.6.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the associate[] field, a different vulnerability than CVE-2014-4649. | 4.3 |
| 2014-06-28 | CVE-2014-4649 | SQL Injection vulnerability in Piwigo SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field. | 6.5 |
| 2014-06-28 | CVE-2014-4648 | Security vulnerability in Piwigo Unspecified vulnerability in Piwigo before 2.6.3 has unknown impact and attack vectors, related to a "security failure." | 10.0 |