Piwigo@2.6.1 Security Vulnerabilities and Issues — Piwigo@2.6.1 CVE List

Lucene search

PiwigoPiwigo2.6.1

6 matches found

CVE•added 2014/06/28 3:55 p.m.•42 views

CVE-2014-4648

Unspecified vulnerability in Piwigo before 2.6.3 has unknown impact and attack vectors, related to a "security failure."

10CVSS6.7AI score0.00436EPSS

CVE•added 2014/12/23 11:59 a.m.•41 views

CVE-2014-9115

SQL injection vulnerability in the rate_picture function in include/functions_rate.inc.php in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary SQL commands via the rate parameter to picture.php, related to an improper data type in a compar...

7.5CVSS8.6AI score0.00579EPSS

Web

CVE•added 2014/06/28 3:55 p.m.•39 views

CVE-2014-4649

SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field.

6.5CVSS8.1AI score0.00267EPSS

CVE•added 2014/08/17 6:55 p.m.•38 views

CVE-2014-3900

Cross-site scripting (XSS) vulnerability in admin/picture_modify.php in the photo-edit subsystem in Piwigo 2.6.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the associate[] field, a different vulnerability than CVE-2014-4649.

4.3CVSS5.7AI score0.00267EPSS

Web

CVE•added 2015/02/03 4:59 p.m.•34 views

CVE-2015-1441

SQL injection vulnerability in Piwigo before 2.5.6, 2.6.x before 2.6.5, and 2.7.x before 2.7.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5CVSS8.7AI score0.00706EPSS

CVE•added 2014/07/02 8:55 p.m.•33 views

CVE-2014-4614

Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the (1) pwg.groups.addUser, (2) pwg.groups.deleteUser, (3) pwg.groups.setInfo, (4) pwg.users.setInfo, (5) pwg.permissions.add...

6.8CVSS7.4AI score0.00176EPSS