Piwigo@2.3.3 Security Vulnerabilities and Issues — Piwigo@2.3.3 CVE List

Lucene search

PiwigoPiwigo2.3.3

6 matches found

CVE•added 2013/03/14 3:13 a.m.•59 views

CVE-2013-1468

Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors.

7.6CVSS7.2AI score0.18848EPSS

CVE•added 2013/03/13 8:55 p.m.•49 views

CVE-2013-1469

Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter.

4CVSS6.5AI score0.51633EPSS

CVE•added 2014/08/14 5:1 a.m.•43 views

CVE-2014-1980

Cross-site scripting (XSS) vulnerability in include/functions_metadata.inc.php in Piwigo before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the Make field in IPTC Exif metadata within an image uploaded to the Community plugin.

4.3CVSS5.9AI score0.00296EPSS

CVE•added 2012/08/14 10:55 p.m.•41 views

CVE-2012-2208

Directory traversal vulnerability in upgrade.php in Piwigo before 2.3.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.

7.5CVSS7AI score0.19226EPSS

CVE•added 2012/08/14 10:55 p.m.•36 views

CVE-2012-2209

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3) theme parameter in the the...

4.3CVSS5.6AI score0.06652EPSS

CVE•added 2014/07/02 8:55 p.m.•33 views

CVE-2014-4614

Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the (1) pwg.groups.addUser, (2) pwg.groups.deleteUser, (3) pwg.groups.setInfo, (4) pwg.users.setInfo, (5) pwg.permissions.add...

6.8CVSS7.4AI score0.00176EPSS