15 matches found
EUVD-2020-30286
Malware in sbrugna...
CVE-2020-9467
Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function...
Piwigo 2.10.1 Cross Site Scripting
Exploit Title: Piwigo 2.10.1 - Cross Site Scripting POC by: Iridium Software Homepage: http://www.piwigo.org Version : 2.10.1 Tested on: Linux & Windows Category: webapps Google Dork: intext: "Powered by Piwigo" CVE : CVE-2020-9467 Description Piwigo 2.10.1 has stored XSS via the file parameter i...
Piwigo 2.10.1 - Cross Site Scripting
Exploit Title: Piwigo 2.10.1 - Cross Site Scripting POC by: Iridium Software Homepage: http://www.piwigo.org Version : 2.10.1 Tested on: Linux & Windows Category: webapps Google Dork: intext: "Powered by Piwigo" CVE : CVE-2020-9467 Description Piwigo 2.10.1 has stored XSS via the file parameter i...
CVE-2020-9467
Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function...
CVE-2020-9467
Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function...
CVE-2020-9467
Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function...
CVE-2020-9467
Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function...
CVE-2014-4613
Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php...
CVE-2014-4613
Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php...
CVE-2018-7722
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible...
CVE-2017-9425
The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action...
CVE-2017-9425
The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action...
Piwigo Facetag Extension SQL Injection Vulnerability
Piwigo is a web-based photo album software from Piwigo team. The software supports photo publishing, management, multiple browsing categories, tags, time, etc. Facetag extension is one of the face tagging plugins. A SQL injection vulnerability exists in the ws.php file in version 0.0.3 of the...
Facetag Cross-Site Scripting Vulnerability
Piwigo is a web-based photo album software from Piwigo team. The software supports photo publishing, management, multiple browsing categories, tags, time, etc. Facetag extension is one of the face tagging plugins. A cross-site scripting vulnerability exists in version 0.0.3 of the Piwigo Facetag...