Vulnerabilities > Piwigo > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2023-05-23 | CVE-2023-33361 | SQL Injection vulnerability in Piwigo 13.6.0 | Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php. | network, low complexity, piwigo, CWE-89 | critical 9.8 |
| 2023-05-23 | CVE-2023-33362 | SQL Injection vulnerability in Piwigo 13.6.0 | Piwigo 13.6.0 is vulnerable to SQL Injection via the "profile" function. | network, low complexity, piwigo, CWE-89 | critical 9.8 |
| 2023-01-06 | CVE-2014-125053 | SQL Injection vulnerability in Piwigo Guestbook | A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. | network, low complexity, piwigo, CWE-89 | critical 9.8 |
| 2019-09-13 | CVE-2019-13364 | Cross-site Scripting vulnerability in Piwigo 2.9.5 | admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. | network, low complexity, piwigo, CWE-79 | critical 9.6 |
| 2019-09-13 | CVE-2019-13363 | Cross-site Scripting vulnerability in Piwigo 2.9.5 | admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. | network, low complexity, piwigo, CWE-79 | critical 9.6 |
| 2014-06-28 | CVE-2014-4648 | Security vulnerability in Piwigo | Unspecified vulnerability in Piwigo before 2.6.3 has unknown impact and attack vectors, related to a "security failure." | network, low complexity, piwigo | critical 10.0 |