5 matches found
EUVD-2014-3837
Malware in sbrugna...
EUVD-2014-4575
Malware in sbrugna...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin/picture_modify.php in the photo-edit subsystem in Piwigo 2.6.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the associate[] field, a different vulnerability than CVE-2014-4649...
CVE-2014-3900
CVE-2014-3900 affects Piwigo 2.6.3 and earlier. An XSS flaw in admin/picture_modify.php (photo-edit subsystem) allows injection of arbitrary script via the associate[] field. Root cause involves insufficient input handling; impact is user browser script execution. Exploitation status is not detai...
CVE-2014-4649
Piwigo contains a SQL injection vulnerability (CVE-2014-4649) in the photo-edit subsystem for versions 2.6.x and 2.7.x prior to 2.7.0beta2. The issue allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field. Affected software is Piwigo, with the root ...