Vulnerabilities > Piwigo > Piwigo > 2.9.2

DATE CVE VULNERABILITY TITLE RISK
2023-10-09 CVE-2023-44393 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Piwigo
Piwigo is an open source photo gallery application.
network
low complexity
piwigo CWE-80
6.1
6.1
2023-07-07 CVE-2023-37270 SQL Injection vulnerability in Piwigo
Piwigo is open source photo gallery software.
network
low complexity
piwigo CWE-89
8.8
8.8
2023-06-15 CVE-2023-34626 SQL Injection vulnerability in Piwigo
Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function.
network
low complexity
piwigo CWE-89
4.3
4.3
2023-05-17 CVE-2023-27233 SQL Injection vulnerability in Piwigo
Piwigo before 13.6.0 was discovered to contain a SQL injection vulnerability via the order[0][dir] parameter at user_list_backend.php.
network
low complexity
piwigo CWE-89
8.8
8.8
2023-04-21 CVE-2023-26876 SQL Injection vulnerability in Piwigo
SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filter_user_id parameter to the admin.php?page=history&filter_image_id=&filter_user_id endpoint.
network
low complexity
piwigo CWE-89
8.8
8.8
2017-12-21 CVE-2017-17827 Cross-Site Request Forgery (CSRF) vulnerability in Piwigo 2.9.2
Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batch_manager&mode=unit.
network
piwigo CWE-352
6.8
6.8
2017-12-21 CVE-2017-17826 Cross-site Scripting vulnerability in Piwigo 2.9.2
The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.php?page=configuration&section=main request.
network
piwigo CWE-79
4.3
4.3
2017-12-21 CVE-2017-17825 Cross-site Scripting vulnerability in Piwigo 2.9.2
The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request.
network
piwigo CWE-79
3.5
3.5
2017-12-21 CVE-2017-17824 SQL Injection vulnerability in Piwigo 2.9.2
The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode.
network
low complexity
piwigo CWE-89
4.0
4.0
2017-12-21 CVE-2017-17823 SQL Injection vulnerability in Piwigo 2.9.2
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter.
network
low complexity
piwigo CWE-89
4.0
4.0