Lucene search

Piwigo 2.3.1

6 matches found

CVE
added 2013/03/14 3:13 a.m., 58 views

CVE-2013-1468

Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors.

7.6 CVSS, 7.2 AI score, 0.18848 EPSS
Web
CVE
added 2013/03/13 8:55 p.m., 48 views

CVE-2013-1469

Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter.

4 CVSS, 6.5 AI score, 0.51633 EPSS
Web
CVE
added 2019/12/02 6:15 p.m., 47 views

CVE-2012-4526

Piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)

6.1 CVSS, 5.9 AI score, 0.00427 EPSS
CVE
added 2014/08/14 5:1 a.m., 41 views

CVE-2014-1980

Cross-site scripting (XSS) vulnerability in include/functions_metadata.inc.php in Piwigo before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the Make field in IPTC Exif metadata within an image uploaded to the Community plugin.

4.3 CVSS, 5.9 AI score, 0.00296 EPSS
CVE
added 2019/12/02 6:15 p.m., 38 views

CVE-2012-4525

Piwigo has XSS in password.php

6.1 CVSS, 5.9 AI score, 0.00427 EPSS
CVE
added 2014/07/02 8:55 p.m., 32 views

CVE-2014-4614

Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the (1) pwg.groups.addUser, (2) pwg.groups.deleteUser, (3) pwg.groups.setInfo, (4) pwg.users.setInfo, (5) pwg.permissions.add...

6.8 CVSS, 7.4 AI score, 0.00176 EPSS