CVEDB API

Vulnerabilities

Vulnerable Software

Piwigo: >> Piwigo >> 12.2.0 Security Vulnerabilities

CVE-2023-27233

Piwigo before 13.6.0 was discovered to contain a SQL injection vulnerability via the order[0][dir] parameter at user_list_backend.php.

CVSS Score

8.8

EPSS Score

0.004

Published

2023-05-17

CVE-2023-26876

SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filter_user_id parameter to the admin.php?page=history&filter_image_id=&filter_user_id endpoint.

CVSS Score

8.8

EPSS Score

0.51

Published

2023-04-21

CVE-2022-32297

Piwigo v12.2.0 was discovered to contain SQL injection vulnerability via the Search function.

CVSS Score

7.5

EPSS Score

0.005

Published

2022-07-14

CVE-2022-26266

Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php.

CVSS Score

8.8

EPSS Score

0.005

Published

2022-03-18

CVE-2022-26267

Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php.

CVSS Score

7.5

EPSS Score

0.009

Published

2022-03-18

CVE-2022-24620

Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. In this way, admin can steal webmaster's cookies to get the webmaster's access.

CVSS Score

5.4

EPSS Score

0.003

Published

2022-02-24

Page 2

Vulnerabilities

Vulnerable Software

Piwigo: >> Piwigo >> 12.2.0 Security Vulnerabilities

Products

Pricing

Contact Us