EUVD-2017-18361

Malware in sbrugna...

Design/Logic Flaw

The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action...

CVE-2017-9425

The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action...

Sql injection

ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action...

CVE-2017-9426

ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action...

CVE-2017-9425

The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action...

CVE-2017-9426

ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action...

CVE-2017-9426

CVE-2017-9426 affects the Piwigo Facetag extension (version 0.0.3). The ws.php component enables SQL injection via the imageId parameter used by facetag.changeTag and facetag.listTags, as described in the CVE entry. The vulnerability is exploitable over the network with no authentication required...

CVE-2017-9425

The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action...

CVE-2017-9426

ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action...

CVE-2017-9425

The CVE-2017-9425 entry describes an XSS vulnerability in the Facetag extension 0.0.3 for Piwigo, exploitable via the name parameter to ws.php in a facetag.changeTag action. The affected component is the Facetag extension (version 0.0.3) for Piwigo; root cause is reflected in the description of a...

Piwigo Facetag Extension SQL Injection Vulnerability

Piwigo is a web-based photo album software from Piwigo team. The software supports photo publishing, management, multiple browsing categories, tags, time, etc. Facetag extension is one of the face tagging plugins. A SQL injection vulnerability exists in the ws.php file in version 0.0.3 of the...

Facetag Cross-Site Scripting Vulnerability

Piwigo is a web-based photo album software from Piwigo team. The software supports photo publishing, management, multiple browsing categories, tags, time, etc. Facetag extension is one of the face tagging plugins. A cross-site scripting vulnerability exists in version 0.0.3 of the Piwigo Facetag...

Piwigo Facetag SQL Injection Vulnerability

Piwigo is a web-based photo album software from the Piwigo team. The software supports photo publishing, management, multiple browsing options categories, tags, time and more. The Piwigo Facetag plugin suffers from a SQL injection vulnerability due to the program failing to properly filter...

Piwigo Plugin Facetag 0.0.3 - Cross-Site Scripting

Exploit Title: Piwigo plugin Facetag , Persistent XSS Date: 31-05-2017 Extension Version: 0.0.3 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=845 Exploit Author: Touhid M.Shaikh Contact: http://twitter.com/touhidshaikh22 Website:...

Piwigo Plugin Facetag 0.0.3 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Facetag Extension in Piwigo, Multiple SQL injection Date: 30-05-2017 Extension Version: 0.0.3 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=845 Exploit Author:...

Piwigo Plugin Facetag 0.0.3 - Cross-Site Scripting

Piwigo Plugin Facetag 0.0.3 - Cross-Site Scripting Exploit Title: Piwigo plugin Facetag , Persistent XSS Date: 31-05-2017 Extension Version: 0.0.3 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=845 Exploit Author: Touhid M.Shaikh...

Piwigo Facetag 0.0.3 Plugin - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Piwigo plugin Facetag , Persistent XSS Date: 31-05-2017 Extension Version: 0.0.3 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=845 Exploit Author: Touhid M.Shaikh...

Piwigo Facetag 0.0.3 SQL Injection

Exploit Title: Facetag Extension in Piwigo, Multiple SQL injection Date: 30-05-2017 Extension Version: 0.0.3 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=845 Exploit Author: Touhid M.Shaikh Contact: http://twitter.com/touhidshaikh2...

Piwigo Plugin Facetag 0.0.3 - SQL Injection

Piwigo Plugin Facetag 0.0.3 - SQL Injection Exploit Title: Facetag Extension in Piwigo, Multiple SQL injection Date: 30-05-2017 Extension Version: 0.0.3 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=845 Exploit Author: Touhid M.Shai...