Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Piwigo Subscribe
Filtered by product Piwigo
Total 88 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-7723 1 Piwigo 1 Piwigo 2024-11-21 3.5 LOW 5.4 MEDIUM
The management panel in Piwigo 2.9.3 has stored XSS via the virtual_name parameter in a /admin.php?page=cat_list request, a different issue than CVE-2017-9836. CSRF exploitation, related to CVE-2017-10681, may be possible.
CVE-2018-7722 1 Piwigo 1 Piwigo 2024-11-21 3.5 LOW 5.4 MEDIUM
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible.
CVE-2018-6883 1 Piwigo 1 Piwigo 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
Piwigo before 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. The attacker must be an administrator.
CVE-2018-5692 1 Piwigo 1 Piwigo 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file.
CVE-2016-3735 1 Piwigo 1 Piwigo 2024-11-21 6.8 MEDIUM 8.1 HIGH
Piwigo is image gallery software written in PHP. When a criteria is not met on a host, piwigo defaults to usingmt_rand in order to generate password reset tokens. mt_rand output can be predicted after recovering the seed used to generate it. This low an unauthenticated attacker to take over an account providing they know an administrators email address in order to be able to request password reset.
CVE-2014-4613 1 Piwigo 1 Piwigo 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php.
CVE-2012-4526 1 Piwigo 1 Piwigo 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)
CVE-2012-4525 1 Piwigo 1 Piwigo 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
piwigo has XSS in password.php