Vulnerabilities > Piwigo > Piwigo > 2.8.2

DATE | CVE | VULNERABILITY TITLE | RISK

2017-01-28 | CVE-2017-5608 | Cross-site Scripting vulnerability in Piwigo
Cross-site scripting (XSS) vulnerability in the image upload function in Piwigo before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via a crafted image filename.
network | piwigo | CWE-79 | 4.3

2017-01-03 | CVE-2016-10105 | Improper Access Control vulnerability in Piwigo
admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files.
network | low complexity | piwigo | CWE-284 | 7.5

2016-12-30 | CVE-2016-10085 | Improper Access Control vulnerability in Piwigo
admin/languages.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the tab parameter.
network | low complexity | piwigo | CWE-284 | 6.5

2016-12-30 | CVE-2016-10084 | Improper Access Control vulnerability in Piwigo
admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter).
network | low complexity | piwigo | CWE-284 | 6.5

2016-12-30 | CVE-2016-10083 | Cross-site Scripting vulnerability in Piwigo
Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo through 2.8.3 allows remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in a certain error case.
network | piwigo | CWE-79 | 4.3