Search Results | AttackerKB

Show filters

Topics 3 Users 9,713

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

3 Total Results

Displaying 1-3 of 3

Attacker Value

Unknown

CVE-2022-26267

Disclosure Date: March 18, 2022 (last updated February 23, 2025)

Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2022-26266

Disclosure Date: March 18, 2022 (last updated February 23, 2025)

Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php.

Attack Vector: Network Privileges: Low User Interaction: None

0

Attacker Value

Unknown

CVE-2022-24620

Disclosure Date: February 24, 2022 (last updated February 23, 2025)

Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. In this way, admin can steal webmaster's cookies to get the webmaster's access.

Attack Vector: Network Privileges: Low User Interaction: Required

0