Lucene search


6 matches found

CVE
added 2018/01/14 4:29 a.m. | 44 views

CVE-2018-5692

Piwigo v2.8.2 has XSS via the tab, to, section, mode, installstatus, and display parameters of the admin.php file.

CVSS 6.1 | AI score 5.9 | EPSS 0.0024

CVE
added 2018/03/06 5:29 p.m. | 40 views

CVE-2018-7722

The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible.

CVSS 5.4 | AI score 5.7 | EPSS 0.00206

CVE
added 2018/03/06 5:29 p.m. | 39 views

CVE-2018-7723

The management panel in Piwigo 2.9.3 has stored XSS via the virtual_name parameter in a /admin.php?page=cat_list request, a different issue than CVE-2017-9836. CSRF exploitation, related to CVE-2017-10681, may be possible.

CVSS 5.4 | AI score 5.1 | EPSS 0.00206

CVE
added 2018/03/16 5:29 p.m. | 37 views

CVE-2014-4613

Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php.

CVSS 6.5 | AI score 6.7 | EPSS 0.04027

CVE
added 2018/02/24 4:29 p.m. | 33 views

CVE-2018-6883

Piwigo before 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. The attacker must be an administrator.

CVSS 4.9 | AI score 5.9 | EPSS 0.00263

CVE
added 2018/03/06 5:29 p.m. | 32 views

CVE-2018-7724

The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-${photo_number} request. CSRF exploitation, related to CVE-2017-10681, may be possible.

CVSS 5.4 | AI score 5.7 | EPSS 0.00179