1037 matches found
Piwigo 13.6.0 - SQL Injection
Exploit Title: Piwigo 13.6.0 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/Piwigo/Piwigo Software Link: https://github.com/Piwigo/Piwigo Version: 13.6.0 Tested on: Windows CVE : CVE-2023-33362 Proof Of Concept: GET /admin.php?page=profile&userid='...
CVE-2025-62406
Piwigo is a full featured open source photo gallery application for the web. In Piwigo 15.6.0, using the password reset function allows sending a password-reset URL by entering an existing username or email address. However, the hostname used to construct this URL is taken from the HTTP request's...
CVE-2025-62406
Piwigo is a full featured open source photo gallery application for the web. In Piwigo 15.6.0, using the password reset function allows sending a password-reset URL by entering an existing username or email address. However, the hostname used to construct this URL is taken from the HTTP request's...
CVE-2025-62406 Piwigo is vulnerable to one-click account takeover by modifying the password-reset link
Piwigo is a full featured open source photo gallery application for the web. In Piwigo 15.6.0, using the password reset function allows sending a password-reset URL by entering an existing username or email address. However, the hostname used to construct this URL is taken from the HTTP request's...
CVE-2025-62406 Piwigo is vulnerable to one-click account takeover by modifying the password-reset link
Piwigo is a full featured open source photo gallery application for the web. In Piwigo 15.6.0, using the password reset function allows sending a password-reset URL by entering an existing username or email address. However, the hostname used to construct this URL is taken from the HTTP request's...
CVE-2025-62406 Piwigo is vulnerable to one-click account takeover by modifying the password-reset link
Piwigo is a full featured open source photo gallery application for the web. In Piwigo 15.6.0, using the password reset function allows sending a password-reset URL by entering an existing username or email address. However, the hostname used to construct this URL is taken from the HTTP request's...
CVE-2025-62406
Summary: CVE-2025-62406 affects Piwigo. In version 15.6.0, the password-reset URL is constructed using the request Host header without validation, allowing an attacker who knows or guesses a username/email to send a password-reset link with a modified hostname to a target user. This could enable ...
Piwigo 授权问题漏洞
Piwigo is Piwigo open source a set of Web-based open source image library software. The software includes features such as image management, image categorization and permission management. An authorization issue vulnerability exists in Piwigo version 15.6.0, which stems from the password reset...
PT-2025-47413
Name of the Vulnerable Software and Affected Versions Piwigo versions prior to 15.7.0 Description Piwigo is a photo gallery application for the web. The password reset function in versions prior to 15.7.0 does not validate the hostname used in the password-reset URL, which is taken directly from...
EUVD-2014-4540
Malware in sbrugna...
EUVD-2020-11122
Malware in sbrugna...
EUVD-2016-4748
Malware in sbrugna...
EUVD-2017-8064
Malware in sbrugna...
EUVD-2017-18361
Malware in sbrugna...
EUVD-2017-8978
Malware in sbrugna...
EUVD-2020-14913
Malware in sbrugna...
EUVD-2014-1224
Malware in sbrugna...
EUVD-2009-2921
Malware in sbrugna...
EUVD-2012-4453
Malware in sbrugna...
EUVD-2017-18360
Malware in sbrugna...