Piwigo

Piwigo

103 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2014-3900

  • EPSS 0.26%
  • Veröffentlicht 17.08.2014 18:55:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in admin/picture_modify.php in the photo-edit subsystem in Piwigo 2.6.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the associate[] field, a different vulnerability than CVE-...

4.3

CVE-2014-1980

  • EPSS 0.3%
  • Veröffentlicht 14.08.2014 05:01:49
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in include/functions_metadata.inc.php in Piwigo before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the Make field in IPTC Exif metadata within an image uploaded to the Community pl...

6.8

CVE-2014-4614

  • EPSS 0.18%
  • Veröffentlicht 02.07.2014 20:55:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the (1) pwg.groups.addUser, (2) pwg.groups.deleteUser, (3) pwg.groups.setInf...

10

CVE-2014-4648

  • EPSS 0.44%
  • Veröffentlicht 28.06.2014 15:55:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Unspecified vulnerability in Piwigo before 2.6.3 has unknown impact and attack vectors, related to a "security failure."

6.5

CVE-2014-4649

  • EPSS 0.27%
  • Veröffentlicht 28.06.2014 15:55:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field.

7.6

CVE-2013-1468

Exploit
  • EPSS 18.85%
  • Veröffentlicht 14.03.2013 03:13:32
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors.

4

CVE-2013-1469

Exploit
  • EPSS 51.63%
  • Veröffentlicht 13.03.2013 20:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter.

7.5

CVE-2012-2208

Exploit
  • EPSS 7.81%
  • Veröffentlicht 14.08.2012 22:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Directory traversal vulnerability in upgrade.php in Piwigo before 2.3.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.

4.3

CVE-2012-2209

Exploit
  • EPSS 7.59%
  • Veröffentlicht 14.08.2012 22:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the langua...

5

CVE-2011-3790

  • EPSS 0.28%
  • Veröffentlicht 24.09.2011 00:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Piwigo 2.1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/metadata.php and certain other files.