17 matches found
EUVD-2017-8978
Malware in sbrugna...
Cross site scripting
The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags- array parameters in an admin.php?page=batchmanager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the data stored in it...
CVE-2017-17827
Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batchmanager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions...
Cross site request forgery (csrf)
Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batchmanager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions...
Sql injection
The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/userlistbackend.php sSortDir0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...
CVE-2017-17822
The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/userlistbackend.php sSortDir0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...
CVE-2017-17823
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php orderby array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...
CVE-2017-17826
The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallerytitle parameter in an admin.php?page=configuration&section=main request. An attacker can exploit this to hijack a client's browser along with the data stored in it...
Cross site request forgery (csrf)
admin/configuration.php in Piwigo 2.9.2 has CSRF...
CVE-2017-17774
admin/configuration.php in Piwigo 2.9.2 has CSRF...
CVE-2017-17774
admin/configuration.php in Piwigo 2.9.2 has CSRF...
Cross site request forgery (csrf)
Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request...
CVE-2017-17775
Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request...
CVE-2017-17774
admin/configuration.php in Piwigo 2.9.2 has CSRF...
CVE-2017-17775
Piwigo 2.9.2 is vulnerable to a cross-site scripting (XSS) flaw triggered by the name parameter in an admin.php?page=album-3-properties request. The issue affects the web-based photo gallery software as described in CVE-2017-17775; details in connected records confirm the vulnerability class and ...
CVE-2017-17775
Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request...
Piwigo 'name' Parameter Cross-Site Scripting Vulnerability
Piwigo is a web-based photo album software from Piwigo team. The software supports photo publishing, management, multiple browsing category, tag, time, etc. Batch Manager component is one of the manager components. A cross-site scripting vulnerability exists in Piwigo version 2.9.2. A remote...