Search
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-19213 | 1 Piwigo | 1 Piwigo | 2022-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the selection parameter to move_categories. | |||||
| CVE-2021-32615 | 1 Piwigo | 1 Piwigo | 2021-05-21 | 7.5 HIGH | 9.8 CRITICAL |
| Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Injection. | |||||
| CVE-2019-13363 | 1 Piwigo | 1 Piwigo | 2020-08-24 | 6.8 MEDIUM | 9.6 CRITICAL |
| admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. This is exploitable via CSRF. | |||||
| CVE-2019-13364 | 1 Piwigo | 1 Piwigo | 2020-08-24 | 6.8 MEDIUM | 9.6 CRITICAL |
| admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF. | |||||
| CVE-2017-10682 | 1 Piwigo | 1 Piwigo | 2017-12-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php. | |||||
| CVE-2016-10105 | 1 Piwigo | 1 Piwigo | 2017-01-05 | 7.5 HIGH | 9.8 CRITICAL |
| admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence. | |||||