7 matches found
CVE-2017-17823
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php orderby array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...
Cross-site request forgery (CSRF)
admin/configuration.php in Piwigo 2.9.2 has CSRF...
CVE-2017-17774
admin/configuration.php in Piwigo 2.9.2 has CSRF...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the subgroup parameter, a different vulnerability than CVE-2011-4942...
CVE-2011-5159
Cross-site scripting (XSS) vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the subgroup parameter, a different vulnerability than CVE-2011-4942...
CVE-2011-5159
Geeklog vulnerability in admin/configuration.php before 1.7.1sr1 allows remote XSS via the sub_group parameter. The issue is a distinct variant from CVE-2011-4942 and arises in the subgroup parameter handling, potentially enabling script insertion. Red Hat/NVD entries confirm similar ...
tsep 0.942.02 - Multiple Vulnerabilities
TSEP "0" && $percent = "100" 62: $sqlins = "INSERT INTO $dbtablename alttag,display,valuepercent,imageshow,comment 63: VALUES '$alt','$display',...