Piwigo vulnerabilities: medium risk

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2019-12-02 | CVE-2012-4525 | Cross-site Scripting vulnerability in Piwigo | Piwigo has XSS in password.php. | network, low complexity, piwigo CWE-79, 6.1 |
| 2018-03-16 | CVE-2014-4613 | Cross-Site Request Forgery (CSRF) vulnerability in Piwigo | Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php. | network, low complexity, piwigo CWE-352, 6.5 |
| 2018-03-06 | CVE-2018-7724 | Cross-site Scripting vulnerability in Piwigo 2.9.3 | The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-${photo_number} request. | network, low complexity, piwigo CWE-79, 5.4 |
| 2018-03-06 | CVE-2018-7723 | Cross-site Scripting vulnerability in Piwigo 2.9.3 | The management panel in Piwigo 2.9.3 has stored XSS via the virtual_name parameter in a /admin.php?page=cat_list request, a different issue than CVE-2017-9836. | network, low complexity, piwigo CWE-79, 5.4 |
| 2018-03-06 | CVE-2018-7722 | Cross-site Scripting vulnerability in Piwigo 2.9.3 | The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. | network, low complexity, piwigo CWE-79, 5.4 |
| 2018-02-24 | CVE-2018-6883 | SQL Injection vulnerability in Piwigo | Piwigo before 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. | network, low complexity, piwigo CWE-89, 4.9 |
| 2018-01-14 | CVE-2018-5692 | Cross-site Scripting vulnerability in Piwigo 2.8.2 | Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file. | network, low complexity, piwigo CWE-79, 6.1 |
| 2017-12-21 | CVE-2017-17826 | Cross-site Scripting vulnerability in Piwigo 2.9.2 | The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.php?page=configuration&section=main request. | network, low complexity, piwigo CWE-79, 6.1 |
| 2017-12-21 | CVE-2017-17825 | Cross-site Scripting vulnerability in Piwigo 2.9.2 | The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. | network, low complexity, piwigo CWE-79, 4.8 |
| 2017-12-21 | CVE-2017-17824 | SQL Injection vulnerability in Piwigo 2.9.2 | The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. | network, low complexity, piwigo CWE-89, 4.9 |