CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Piwigo: >> Piwigo >> 2.9.1 Security Vulnerabilities

CVE-2017-10682

SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php.

CVSS Score

9.8

EPSS Score

0.003

Published

2017-06-29

CVE-2017-9836

Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtual_name parameter to /admin.php (i.e., creating a virtual album).

CVSS Score

4.8

EPSS Score

0.002

Published

2017-06-24

Page 3

Vulnerabilities

Vulnerable Software

Piwigo: >> Piwigo >> 2.9.1 Security Vulnerabilities

Products

Pricing

Contact Us