23 matches found
Piwigo 13.6.0 SQL Injection
Piwigo version 13.6.0 suffers from a remote SQL injection vulnerability. Exploit Title: Piwigo 13.6.0 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/Piwigo/Piwigo Software Link: https://github.com/Piwigo/Piwigo Version: 13.6.0 Tested on: Windows CV...
Piwigo 13.6.0 - SQL Injection
Exploit Title: Piwigo 13.6.0 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/Piwigo/Piwigo Software Link: https://github.com/Piwigo/Piwigo Version: 13.6.0 Tested on: Windows CVE : CVE-2023-33362 Proof Of Concept: GET /admin.php?page=profile&userid='...
EUVD-2023-31013
Malicious code in bioql PyPI...
CVE-2023-33359
Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the "add tags" function...
Path Traversal
Overview Tgstation.Server.Api is a package that defines HTTP headers, default credentials, models, rights, and routes for communicating with the tgstation-server API Affected versions of this package are vulnerable to Path Traversal that allows low privileged users to set .dme files on the host t...
GitLens Git Local Configuration Exec
GitKraken GitLens before v.14.0.0 allows an untrusted workspace to execute git commands. A repo may include its own .git folder including a malicious config file to execute arbitrary code. Tested against VSCode 1.87.2 with GitLens 13.6.0 on Ubuntu 22.04 and Windows 10 Module Options msf use...
CVE-2023-33361
Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php...
CVE-2023-33362
Piwigo 13.6.0 is vulnerable to SQL Injection in the "profile" function...
Cross site request forgery (csrf)
Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the "add tags" function...
Sql injection
Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php...
Piwigo Cross-Site Request Forgery Vulnerability
Piwigo is a Web-based open source photo gallery software. The software includes features such as image management, image categorization and permission management. A security vulnerability exists in Piwigo version 13.6.0, which stems from a problem with the Add Tags feature and can be exploited by...
PT-2023-24309 · Piwigo · Piwigo
Name of the Vulnerable Software and Affected Versions: Piwigo version 13.6.0 Description: The issue is related to SQL Injection via the "/admin/permalinks.php" API endpoint. This allows for potential exploitation. No information is provided about the estimated number of potentially affected devic...
Piwigo SQL Injection Vulnerability
Piwigo is a Web-based open source photo gallery software. The software includes features such as image management, image categorization and permission management. A security vulnerability exists in Piwigo version 13.6.0, which stems from a problem in the /admin/permalinks.php file and can be...
CVE-2023-33361
Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php. Affected component: admin/permalinks.php; root cause: unsanitized SQL input leading to high-severity (CRITICAL) impact on confidentiality, integrity, and availability (CVSS v3.1: 9.8). Exploitation indicators exist (PoC noted...
CVE-2023-33362
Piwigo 13.6.0 is affected by a remote SQL injection in the profile function. The vulnerability (CVE-2023-33362) has CVSS 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base 9.8). PoCs and public writeups exist (e.g., PACKETSTORM/ExploitsDB). A fix is available in Piwigo 13.7.0 and later; upgrading to 1...
Piwigo 11.0.x < 13.6.0 SQLi Vulnerability
Piwigo is prone to an SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:piwigo:piwigo"; if...