29 matches found
EUVD-2017-8976
Malware in sbrugna...
EUVD-2020-11124
Malware in sbrugna...
EUVD-2017-8975
Malware in sbrugna...
EUVD-2021-27850
Malicious code in bioql PyPI...
CVE-2021-40678
In Piwigo 11.5.0, there exists a persistent cross-site scripting in the single mode function through /admin.php?page=batchmanager&mode=unit...
CVE-2021-40678
CVE-2021-40678 concerns Piwigo 11.5.0, where a persistent cross-site scripting (XSS) vulnerability exists in the single mode function via the URL path /admin.php?page=batch_manager&mode=unit. The connected documents consistently describe it as a client-side JavaScript execution risk reachable thr...
CVE-2020-19217
SQL Injection vulnerability in admin/batchmanager.php in piwigo v2.9.5, via the filtercategory parameter to admin.php?page=batchmanager...
Sql injection
Piwigo v11.5 was discovered to contain a SQL injection vulnerability via the parameter pwgtoken in /admin/batchmanagerglobal.php...
CVE-2021-40313
CVE-2021-40313 affects Piwigo v11.5, with a SQL injection vulnerability in the pwg_token parameter of /admin/batch_manager_global.php. The issue is caused by insufficient escaping/ filtering, as reported across sources (NVD entry and Red Hat/CVE references). Impact is described as SQL injection w...
Honeywell C200E Controller Module
Binary data 764873.prm...
Piwigo Batch Manager Component Cross-Site Scripting Vulnerability
Piwigo is a web-based photo album software from Piwigo team. The software supports photo publishing, management, multiple browsing category, tag, time, etc. Batch Manager component is one of the manager components. A cross-site scripting vulnerability exists in the Batch Manager component in Piwi...
Piwigo Batch Manager Component SQL Injection Vulnerability
Piwigo is a web-based photo album software from Piwigo team. The software supports photo publishing, management, multiple browsing category, tag, time, etc. Batch Manager component is one of the manager components. A SQL injection vulnerability exists in the Batch Manager component in Piwigo...
Cross site request forgery (csrf)
Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration§ion=main or /admin.php?page=batchmanager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions...
Cross site scripting
The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags- array parameters in an admin.php?page=batchmanager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the data stored in it...
CVE-2017-17825
The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags- array parameters in an admin.php?page=batchmanager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the data stored in it...
CVE-2017-17825
The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags- array parameters in an admin.php?page=batchmanager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the data stored in it...
CVE-2017-17824
The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batchmanagerunit.php elementids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database...
CVE-2017-17825
The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags- array parameters in an admin.php?page=batchmanager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the data stored in it...
CVE-2017-17824
The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batchmanagerunit.php elementids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database...
Sql injection
The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batchmanagerunit.php elementids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database...