Shodan
Vulnerabilities
Vulnerable Software
Piwigo:  >> Piwigo  >> 2.9.2  Security Vulnerabilities
CVE-2023-27233
Piwigo before 13.6.0 was discovered to contain a SQL injection vulnerability via the order[0][dir] parameter at user_list_backend.php.
CVSS Score
8.8
EPSS Score
0.004
Published
2023-05-17
CVE-2023-26876
SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filter_user_id parameter to the admin.php?page=history&filter_image_id=&filter_user_id endpoint.
CVSS Score
8.8
EPSS Score
0.51
Published
2023-04-21
CVE-2022-32297
Piwigo v12.2.0 was discovered to contain SQL injection vulnerability via the Search function.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-07-14
CVE-2021-27973
SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages.
CVSS Score
7.2
EPSS Score
0.002
Published
2021-04-02
CVE-2018-6883
Piwigo before 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. The attacker must be an administrator.
CVSS Score
4.9
EPSS Score
0.003
Published
2018-02-24
CVE-2017-17822
The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.
CVSS Score
4.9
EPSS Score
0.003
Published
2017-12-21
CVE-2017-17823
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.
CVSS Score
4.9
EPSS Score
0.003
Published
2017-12-21
CVE-2017-17824
The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database.
CVSS Score
4.9
EPSS Score
0.003
Published
2017-12-21
CVE-2017-17825
The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the data stored in it.
CVSS Score
4.8
EPSS Score
0.002
Published
2017-12-21
CVE-2017-17826
The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.php?page=configuration&section=main request. An attacker can exploit this to hijack a client's browser along with the data stored in it.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-12-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved