17 matches found
EUVD-2017-8978
Malware in sbrugna...
Cross site request forgery (csrf)
Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration§ion=main or /admin.php?page=batchmanager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions...
Cross site scripting
The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags- array parameters in an admin.php?page=batchmanager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the data stored in it...
CVE-2017-17827
Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration§ion=main or /admin.php?page=batchmanager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions...
CVE-2017-17822
The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/userlistbackend.php sSortDir0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...
Sql injection
The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/userlistbackend.php sSortDir0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...
CVE-2017-17823
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php orderby array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...
CVE-2017-17826
The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallerytitle parameter in an admin.php?page=configuration§ion=main request. An attacker can exploit this to hijack a client's browser along with the data stored in it...
Cross site request forgery (csrf)
admin/configuration.php in Piwigo 2.9.2 has CSRF...
Cross site request forgery (csrf)
Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request...
CVE-2017-17774
admin/configuration.php in Piwigo 2.9.2 has CSRF...
CVE-2017-17775
Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request...
CVE-2017-17774
admin/configuration.php in Piwigo 2.9.2 has CSRF...
CVE-2017-17775
Piwigo 2.9.2 is vulnerable to a cross-site scripting (XSS) flaw triggered by the name parameter in an admin.php?page=album-3-properties request. The issue affects the web-based photo gallery software as described in CVE-2017-17775; details in connected records confirm the vulnerability class and ...
CVE-2017-17774
admin/configuration.php in Piwigo 2.9.2 has CSRF...
CVE-2017-17775
Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request...
Piwigo 'name' Parameter Cross-Site Scripting Vulnerability
Piwigo is a web-based photo album software from Piwigo team. The software supports photo publishing, management, multiple browsing category, tag, time, etc. Batch Manager component is one of the manager components. A cross-site scripting vulnerability exists in Piwigo version 2.9.2. A remote...