Lucene search
K

1037 matches found

Exploit DB
Exploit DB
added 2025/12/02 12:0 a.m.163 views

Piwigo 13.6.0 - SQL Injection

Exploit Title: Piwigo 13.6.0 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/Piwigo/Piwigo Software Link: https://github.com/Piwigo/Piwigo Version: 13.6.0 Tested on: Windows CVE : CVE-2023-33362 Proof Of Concept: GET /admin.php?page=profile&userid='...

9.8CVSS7AI score0.09058EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/11/19 11:14 p.m.10 views

CVE-2025-62406

Piwigo is a full featured open source photo gallery application for the web. In Piwigo 15.6.0, using the password reset function allows sending a password-reset URL by entering an existing username or email address. However, the hostname used to construct this URL is taken from the HTTP request's...

8.8CVSS6.9AI score0.0035EPSS
Exploits1References1
NVD
NVD
added 2025/11/18 11:15 p.m.6 views

CVE-2025-62406

Piwigo is a full featured open source photo gallery application for the web. In Piwigo 15.6.0, using the password reset function allows sending a password-reset URL by entering an existing username or email address. However, the hostname used to construct this URL is taken from the HTTP request's...

8.8CVSS0.0035EPSS
Exploits1References2
OSV
OSV
added 2025/11/18 10:18 p.m.5 views

CVE-2025-62406 Piwigo is vulnerable to one-click account takeover by modifying the password-reset link

Piwigo is a full featured open source photo gallery application for the web. In Piwigo 15.6.0, using the password reset function allows sending a password-reset URL by entering an existing username or email address. However, the hostname used to construct this URL is taken from the HTTP request's...

8.1CVSS6.8AI score0.0035EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/11/18 10:18 p.m.5 views

CVE-2025-62406 Piwigo is vulnerable to one-click account takeover by modifying the password-reset link

Piwigo is a full featured open source photo gallery application for the web. In Piwigo 15.6.0, using the password reset function allows sending a password-reset URL by entering an existing username or email address. However, the hostname used to construct this URL is taken from the HTTP request's...

8.1CVSS6.5AI score0.0035EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/11/18 10:18 p.m.12 views

CVE-2025-62406 Piwigo is vulnerable to one-click account takeover by modifying the password-reset link

Piwigo is a full featured open source photo gallery application for the web. In Piwigo 15.6.0, using the password reset function allows sending a password-reset URL by entering an existing username or email address. However, the hostname used to construct this URL is taken from the HTTP request's...

8.1CVSS0.0035EPSS
Exploits1References2
CVE
CVE
added 2025/11/18 10:18 p.m.26 views

CVE-2025-62406

Summary: CVE-2025-62406 affects Piwigo. In version 15.6.0, the password-reset URL is constructed using the request Host header without validation, allowing an attacker who knows or guesses a username/email to send a password-reset link with a modified hostname to a target user. This could enable ...

8.8CVSS6.5AI score0.0035EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.3 views

Piwigo 授权问题漏洞

Piwigo is Piwigo open source a set of Web-based open source image library software. The software includes features such as image management, image categorization and permission management. An authorization issue vulnerability exists in Piwigo version 15.6.0, which stems from the password reset...

8.8CVSS6.7AI score0.0035EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.13 views

PT-2025-47413

Name of the Vulnerable Software and Affected Versions Piwigo versions prior to 15.7.0 Description Piwigo is a photo gallery application for the web. The password reset function in versions prior to 15.7.0 does not validate the hostname used in the password-reset URL, which is taken directly from...

8.1CVSS6.7AI score0.0035EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-4540

Malware in sbrugna...

6.5CVSS6.6AI score0.03225EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-11122

Malware in sbrugna...

8.8CVSS8.7AI score0.00928EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-4748

Malware in sbrugna...

8.1CVSS8AI score0.01363EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2017-8064

Malware in sbrugna...

6.5CVSS6.5AI score0.01402EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-18361

Malware in sbrugna...

9.8CVSS9.5AI score0.02719EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2017-8978

Malware in sbrugna...

8.8CVSS8.8AI score0.00769EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-14913

Malware in sbrugna...

6.1CVSS6.2AI score0.00951EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.11 views

EUVD-2014-1224

Malware in sbrugna...

9.8CVSS6AI score0.00724EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2009-2921

Malware in sbrugna...

7.5CVSS6.4AI score0.01087EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2012-4453

Malware in sbrugna...

6.1CVSS6.1AI score0.01207EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-18360

Malware in sbrugna...

6.1CVSS6.3AI score0.01379EPSS
Exploits1References4
Rows per page
Query Builder