Search CVE reports
1 – 10 of 33 results
CVE-2021-27973
Medium priority
Not in release
SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages.
1 affected package
piwigo
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
piwigo | — | — | Not in release | Not in release | Not in release |
CVE-2020-9468
Unknown priority
The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter.
1 affected package
piwigo
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
piwigo | — | — | Not in release | Not in release | Not in release |
CVE-2020-9467
Medium priority
Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.
1 affected package
piwigo
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
piwigo | — | — | Not in release | Not in release | Not in release |
CVE-2020-8089
Unknown priority
Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page.
1 affected package
piwigo
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
piwigo | — | — | Not in release | Not in release | Not in release |
CVE-2012-4526
Medium priority
piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)
1 affected package
piwigo
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
piwigo | — | — | — | — | Not in release |
CVE-2012-4525
Medium priority
piwigo has XSS in password.php
1 affected package
piwigo
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
piwigo | — | — | — | — | Not in release |
CVE-2014-4613
Medium priority
Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a...
1 affected package
piwigo
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
piwigo | — | — | — | — | Not in release |
CVE-2017-16893
Unknown priority
Not in release
The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the...
1 affected package
piwigo
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
piwigo | — | — | — | — | Not in release |
CVE-2016-10514
Medium priority
Not in release
url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http://...
1 affected package
piwigo
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
piwigo | — | — | — | — | Not in release |
CVE-2016-10513
Medium priority
Not in release
Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functions_search.inc.php.
1 affected package
piwigo
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
piwigo | — | — | — | — | Not in release |