8 matches found
Piwigo 13.6.0 - SQL Injection
Exploit Title: Piwigo 13.6.0 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/Piwigo/Piwigo Software Link: https://github.com/Piwigo/Piwigo Version: 13.6.0 Tested on: Windows CVE : CVE-2023-33362 Proof Of Concept: GET /admin.php?page=profile&userid='...
CVE-2023-33359
Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery CSRF in the "add tags" function...
CVE-2023-33362
Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function...
CVE-2023-33361
Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php...
Sql injection
Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php...
Cross site request forgery (csrf)
Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery CSRF in the "add tags" function...
CVE-2023-33361
Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php...
CVE-2023-33359
Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery CSRF in the "add tags" function...