82 matches found
CVE-2013-1469
Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter...
CVE-2012-4525
Piwigo has XSS in password.php...
CVE-2024-52701
A stored cross-site scripting (XSS) vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter...
CVE-2024-46606
A cross-site scripting (XSS) vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...
PT-2024-21380 · Piwigo · Piwigo
Name of the Vulnerable Software and Affected Versions: Piwigo versions prior to 14.2.0
Description: An issue exists within Piwigo allowing a malicious user to take over the application. This exploit involves chaining a Cross Site Request Forgery vulnerability to issue a Stored Cross Site Scriptin...
CVE-2023-51790
Cross Site Scripting vulnerability in Piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component...
CVE-2023-34626
Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function...
CVE-2023-33362
Piwigo 13.6.0 is vulnerable to SQL Injection via the "profile" function...
CVE-2023-27233
Piwigo before 13.6.0 was discovered to contain a SQL injection vulnerability via the order0dir parameter at userlistbackend.php...
CVE-2023-26876
SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filteruserid parameter to the admin.php?page=history&filterimageid=&filteruserid endpoint...
Piwigo Cross-Site Scripting Vulnerability
Piwigo is a Web-based open source photo gallery software. The software includes features such as image management, image categorization and permission management. A security vulnerability exists in Piwigo v13.4.0, which stems from its identification.php component's manipulation of User-Agent that...
CVE-2022-48007
A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent...
PT-2022-23860 · Piwigo · Piwigo
Name of the Vulnerable Software and Affected Versions: Piwigo version 12.3.0
Description: The issue is related to Cross Site Scripting (XSS) and can be exploited via the "/search/1940/created-monthly-list" API endpoint. This allows for malicious scripts to be injected into the website...
Code Execution Vulnerability in Piwigo
Piwigo is a web-based photo album software from the Piwigo team. A code execution vulnerability exists in Piwigo. A remote attacker can exploit this vulnerability to write arbitrary code and gain server privileges...
Community Input Validation Error Vulnerability
Piwigo is a Web-based open source photo gallery software. The software includes features such as image management, image categorization and permission management. Community is one of the plug-ins that support users to create albums and add photos. A security vulnerability exists in Community versi...
Piwigo SQL Injection Vulnerability (CNVD-2018-06303)
Piwigo is a free and open source web photo album software. A SQL injection vulnerability exists in admin/tags.php in the admin panel in Piwigo before 2.9.3. An attacker can exploit this vulnerability by using the tags array parameter in the admin.php?page=tags request to perform a SQL injection...
Piwigo SQL Injection Vulnerability
Piwigo is a free and open source web photo album software. A SQL injection vulnerability exists in Piwigo 2.9.2 and prior versions. A remote authenticated attacker can exploit the vulnerability to obtain information in the context of a user that the application uses to retrieve data from a databa...
Piwigo Remote File Inclusion Vulnerability (CNVD-2017-00112)
Piwigo is a web-based photo album software from the Piwigo team. The software supports photo publishing, management, multiple browsing options (categories, tags, time and more). A security vulnerability exists in the admin/plugin.php file in Piwigo 2.8.3 and earlier versions, which stems from the...
Piwigo Remote File Inclusion Vulnerability
Piwigo is a photo album script written in PHP. A security vulnerability exists in the admin/languages.php implementation in versions prior to Piwigo 2.8.3, where a remote administrator user passes the tab parameter and the executable file contains an attack...