Vulnerabilities > Piwigo > Critical

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Severity | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2023-05-23 | CVE-2023-33361 | SQL Injection vulnerability in Piwigo 13.6.0 | Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php. | network | low complexity | piwigo | CWE-89 | critical | 9.8 |
| 2023-05-23 | CVE-2023-33362 | SQL Injection vulnerability in Piwigo 13.6.0 | Piwigo 13.6.0 is vulnerable to SQL Injection via the "profile" function. | network | low complexity | piwigo | CWE-89 | critical | 9.8 |
| 2023-01-06 | CVE-2014-125053 | Unspecified vulnerability in Piwigo Guestbook | A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. | network | low complexity | piwigo | | critical | 9.8 |
| 2022-05-06 | CVE-2020-19213 | SQL Injection vulnerability in Piwigo 2.9.5 | SQL Injection vulnerability in cat_move.php in Piwigo v2.9.5, via the selection parameter to move_categories. | network | low complexity | piwigo | CWE-89 | critical | 9.8 |
| 2021-05-13 | CVE-2021-32615 | SQL Injection vulnerability in Piwigo 11.4.0 | Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Injection. | network | low complexity | piwigo | CWE-89 | critical | 9.8 |
| 2020-06-01 | CVE-2014-8945 | OS Command Injection vulnerability in Piwigo Lexiglot | admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields. | network | low complexity | piwigo | CWE-78 | critical | 9.8 |
| 2020-06-01 | CVE-2014-8941 | SQL Injection vulnerability in Piwigo Lexiglot | Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI. | network | low complexity | piwigo | CWE-89 | critical | 9.8 |
| 2019-09-13 | CVE-2019-13364 | Cross-site Scripting vulnerability in Piwigo 2.9.5 | admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. | network | low complexity | piwigo | CWE-79 | critical | 9.6 |
| 2019-09-13 | CVE-2019-13363 | Cross-site Scripting vulnerability in Piwigo 2.9.5 | admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. | network | low complexity | piwigo | CWE-79 | critical | 9.6 |
| 2017-06-29 | CVE-2017-10682 | SQL Injection vulnerability in Piwigo | SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php. | network | low complexity | piwigo | CWE-89 | critical | 9.8 |