Facetag Project: Security Vulnerabilities
The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-02-26
ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action.
CVSS Score
9.8
EPSS Score
0.016
Published
2018-02-26