Piwigo

99 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.22%
  • Published 01.12.2016 11:59:10
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the search results front end in Piwigo 2.8.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

Exploit
  • EPSS 0.61%
  • Published 20.02.2015 16:59:07
  • Last modified 12.04.2025 10:46:40

SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php.

Exploit
  • EPSS 0.62%
  • Published 20.02.2015 16:59:06
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter to admin.php.

Exploit
  • EPSS 1.03%
  • Published 20.02.2015 16:59:05
  • Last modified 12.04.2025 10:46:40

SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin....

  • EPSS 0.71%
  • Published 03.02.2015 16:59:26
  • Last modified 12.04.2025 10:46:40

SQL injection vulnerability in Piwigo before 2.5.6, 2.6.x before 2.6.5, and 2.7.x before 2.7.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Exploit
  • EPSS 0.58%
  • Published 23.12.2014 11:59:04
  • Last modified 12.04.2025 10:46:40

SQL injection vulnerability in the rate_picture function in include/functions_rate.inc.php in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary SQL commands via the rate parameter to picture....

  • EPSS 0.26%
  • Published 17.08.2014 18:55:01
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in admin/picture_modify.php in the photo-edit subsystem in Piwigo 2.6.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the associate[] field, a different vulnerability than CVE-...

  • EPSS 0.3%
  • Published 14.08.2014 05:01:49
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in include/functions_metadata.inc.php in Piwigo before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the Make field in IPTC Exif metadata within an image uploaded to the Community pl...

  • EPSS 0.18%
  • Published 02.07.2014 20:55:06
  • Last modified 12.04.2025 10:46:40

Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the (1) pwg.groups.addUser, (2) pwg.groups.deleteUser, (3) pwg.groups.setInf...

  • EPSS 0.27%
  • Published 28.06.2014 15:55:08
  • Last modified 12.04.2025 10:46:40

SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field.