17 matches found

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-8978

Malware in sbrugna...

8.8 CVSS | 8.8 AI score | 0.00769 EPSS
Exploits 0 | References 4

Prion
added 2017/12/21 4:29 a.m. | 15 views

Cross site scripting

The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags- array parameters in an admin.php?page=batchmanager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the data stored in it...

3.5 CVSS | 4.8 AI score | 0.0054 EPSS
Exploits 1 | References 1 | Affected Software 1

ATTACKERKB
added 2017/12/21 4:29 a.m. | 2 views

CVE-2017-17827

Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batchmanager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions...

8.8 CVSS | 8.1 AI score | 0.00769 EPSS
Exploits 0 | References 4

Prion
added 2017/12/21 4:29 a.m. | 11 views

Cross site request forgery (csrf)

Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batchmanager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions...

6.8 CVSS | 8.6 AI score | 0.00769 EPSS
Exploits 0 | References 3 | Affected Software 1

Prion
added 2017/12/21 4:29 a.m. | 20 views

Sql injection

The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/userlistbackend.php sSortDir0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...

4 CVSS | 5.8 AI score | 0.0137 EPSS
Exploits 0 | References 3 | Affected Software 1

NVD
added 2017/12/21 4:29 a.m. | 12 views

CVE-2017-17822

The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/userlistbackend.php sSortDir0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...

4.9 CVSS | 5.7 AI score | 0.0137 EPSS
Exploits 0 | References 3

OSV
added 2017/12/21 4:29 a.m. | 21 views

CVE-2017-17823

The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php orderby array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...

4.9 CVSS | 6.2 AI score
Exploits 0 | References 3

Cvelist
added 2017/12/21 4:0 a.m. | 17 views

CVE-2017-17826

The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallerytitle parameter in an admin.php?page=configuration&section=main request. An attacker can exploit this to hijack a client's browser along with the data stored in it...

6.6 AI score | 0.00683 EPSS
Exploits 1 | References 1

Prion
added 2017/12/20 3:29 a.m. | 12 views

Cross site request forgery (csrf)

admin/configuration.php in Piwigo 2.9.2 has CSRF...

6.8 CVSS | 8.6 AI score | 0.00581 EPSS
Exploits 1 | References 2 | Affected Software 1

NVD
added 2017/12/20 3:29 a.m. | 14 views

CVE-2017-17774

admin/configuration.php in Piwigo 2.9.2 has CSRF...

8.8 CVSS | 8.7 AI score | 0.00581 EPSS
Exploits 1 | References 2

OSV
added 2017/12/20 3:29 a.m. | 17 views

CVE-2017-17774

admin/configuration.php in Piwigo 2.9.2 has CSRF...

8.8 CVSS | 8.9 AI score
Exploits 0 | References 2

Prion
added 2017/12/20 3:29 a.m. | 11 views

Cross site request forgery (csrf)

Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request...

4.3 CVSS | 5.9 AI score | 0.00683 EPSS
Exploits 1 | References 1 | Affected Software 1

OSV
added 2017/12/20 3:29 a.m. | 11 views

CVE-2017-17775

Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request...

6.1 CVSS | 5.8 AI score
Exploits 0 | References 1

Cvelist
added 2017/12/20 3:0 a.m. | 19 views

CVE-2017-17774

admin/configuration.php in Piwigo 2.9.2 has CSRF...

8.8 AI score | 0.00581 EPSS
Exploits 1 | References 2

CVE
added 2017/12/20 3:0 a.m. | 54 views

CVE-2017-17775

Piwigo 2.9.2 is vulnerable to a cross-site scripting (XSS) flaw triggered by the name parameter in an admin.php?page=album-3-properties request. The issue affects the web-based photo gallery software as described in CVE-2017-17775; details in connected records confirm the vulnerability class and ...

6.1 CVSS | 6.2 AI score | 0.00683 EPSS
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2017/12/20 3:0 a.m. | 20 views

CVE-2017-17775

Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request...

6.7 AI score | 0.00683 EPSS
Exploits 1 | References 1

CNVD
added 2017/12/20 12:0 a.m. | 1 views

Piwigo 'name' Parameter Cross-Site Scripting Vulnerability

Piwigo is a web-based photo album software from Piwigo team. The software supports photo publishing, management, multiple browsing category, tag, time, etc. Batch Manager component is one of the manager components. A cross-site scripting vulnerability exists in Piwigo version 2.9.2. A remote...

6.1 CVSS | 6 AI score | 0.00683 EPSS
Exploits 1 | References 1