CVE-2014-125053 – Piwigo-Guest-Book Navigation Bar guestbook.inc.php SQL injection
https://notcve.org/view.php?id=CVE-2014-125053
A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has been declared as critical. This vulnerability affects unknown code of the file include/guestbook.inc.php of the component Navigation Bar. The manipulation of the argument start leads to SQL injection. Upgrading to version 1.3.1 addresses this issue.
• https://github.com/Piwigo/Piwigo-Guest-Book/commit/0cdd1c388edf15089c3a7541cefe7756e560581d
• https://github.com/Piwigo/Piwigo-Guest-Book/releases/tag/1.3.1
• https://vuldb.com/?ctiid.217582
• https://vuldb.com/?id.217582
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-37183
https://notcve.org/view.php?id=CVE-2022-37183
Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list.
• https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/Piwigo/2022/12.3.0
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-32297
https://notcve.org/view.php?id=CVE-2022-32297
Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via the Search function.
• https://github.com/sth276/research/blob/main/piwigo_vul/Second-Order%20SQL%20Injection%20Vulnerabilities%20in%20Piwigo.md
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-40553
https://notcve.org/view.php?id=CVE-2021-40553
Piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor.
• https://github.com/Yang9999999/vuln/blob/main/README.md
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2021-40678
https://notcve.org/view.php?id=CVE-2021-40678
In Piwigo 11.5.0, there is a persistent cross-site scripting vulnerability in the single mode function through /admin.php?page=batch_manager&mode=unit.
• https://github.com/Piwigo/Piwigo/issues/1476
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')