13 matches found
Piwigo 13.7.0 - SQL Injection
Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header User-Agent is vulnerable at the endpoint that records user information when logging in to the...
EUVD-2023-38670
Malicious code in bioql PyPI...
GitLab 12.8 < 13.6.6 / 13.7.0 < 13.7.6 / 13.8.0 < 13.8.2 (CVE-2021-22184)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted. CVE-2021-22184 Note that...
WordPress Quick Featured Images Plugin <= 13.7.0 is vulnerable to Broken Access Control
Software: Quick Featured Images | Type: Plugin | Vulnerable versions: <= 13.7.0 | Fixed in: 13.7.1 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-3664 | Patch priority: Low | CVSS severity: Low (4.3) | Developer: Claim ownership | PSID: 955c9c9acc5c | Credits: Lucio Sá | Required...
Piwigo < 13.8.0 SQLi Vulnerability
Piwigo is prone to an SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:piwigo:piwigo"; if...
Piwigo 13.7.0 Cross Site Scripting
Exploit Title: Piwigo v13.7.0 - Stored Cross-Site Scripting (XSS) (Authenticated) | Date: 25 June 2023 | Exploit Author: Okan Kurtulus | Vendor Homepage: https://piwigo.org | Version: 13.7.0 | Tested on: Ubuntu 22.04 | CVE: N/A | Proof of Concept: 1– Install the system through the website and log in with any user...
CVE-2023-34626
Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function...
CVE-2023-34626
Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function...
SQL injection
Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function...
CVE-2023-34626
Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function...
CVE-2023-34626
Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function...
CVE-2023-34626
CVE-2023-34626 affects Piwigo 13.7.0 and is a SQL injection vulnerability in the "Users" function. The connected documents corroborate the impact as SQL injection on Piwigo 13.7.0, but do not provide concrete details on the root cause, specific vulnerable query, affected versions beyond 13.7.0, ...
PT-2021-21765 · Unknown · Validator.Js
Name of the Vulnerable Software and Affected Versions: validator.js versions prior to 13.7.0 Description: The issue is related to Inefficient Regular Expression Complexity. It affects the rtrim and trim sanitizers. There is no information provided about the estimated number of potentially affecte...