CVEDB API

Vulnerabilities

Vulnerable Software

Piwigo: >> Piwigo >> 2.9.5 Security Vulnerabilities

CVE-2020-19215

SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=user_perm.

CVSS Score

8.8

EPSS Score

0.002

Published

2022-05-06

CVE-2020-19216

SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=group_perm.

CVSS Score

8.8

EPSS Score

0.002

Published

2022-05-06

CVE-2020-19217

SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9.5, via the filter_category parameter to admin.php?page=batch_manager.

CVSS Score

8.8

EPSS Score

0.002

Published

2022-05-06

CVE-2021-27973

SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages.

CVSS Score

7.2

EPSS Score

0.003

Published

2021-04-02

CVE-2019-13363

admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. This is exploitable via CSRF.

CVSS Score

9.6

EPSS Score

0.003

Published

2019-09-13

CVE-2019-13364

admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF.

CVSS Score

9.6

EPSS Score

0.003

Published

2019-09-13

Page 2

Vulnerabilities

Vulnerable Software

Piwigo: >> Piwigo >> 2.9.5 Security Vulnerabilities

Products

Pricing

Contact Us