Search CVE reports


1 – 10 of 33 results


CVE-2021-27973

Medium priority

Not in release

SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages.

1 affected package

piwigo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
piwigo Not in release Not in release Not in release

CVE-2020-9468

Unknown priority
Ignored

The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter.

1 affected package

piwigo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
piwigo Not in release Not in release Not in release

CVE-2020-9467

Medium priority
Ignored

Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.

1 affected package

piwigo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
piwigo Not in release Not in release Not in release

CVE-2020-8089

Unknown priority
Ignored

Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page.

1 affected package

piwigo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
piwigo Not in release Not in release Not in release

CVE-2012-4526

Medium priority
Ignored

piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)

1 affected package

piwigo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
piwigo Not in release

CVE-2012-4525

Medium priority
Ignored

piwigo has XSS in password.php

1 affected package

piwigo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
piwigo Not in release

CVE-2014-4613

Medium priority
Ignored

Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a...

1 affected package

piwigo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
piwigo Not in release

CVE-2017-16893

Unknown priority

Not in release

The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the...

1 affected package

piwigo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
piwigo Not in release

CVE-2016-10514

Medium priority

Not in release

url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http://...

1 affected package

piwigo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
piwigo Not in release

CVE-2016-10513

Medium priority

Not in release

Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functions_search.inc.php.

1 affected package

piwigo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
piwigo Not in release