Show filters
6 Total Results
Displaying 1-6 of 6
Sort by:
Attacker Value
Unknown
CVE-2012-4526
Disclosure Date: December 02, 2019 (last updated November 27, 2024)
piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)
0
Attacker Value
Unknown
CVE-2012-4525
Disclosure Date: December 02, 2019 (last updated November 27, 2024)
piwigo has XSS in password.php
0
Attacker Value
Unknown
CVE-2014-1980
Disclosure Date: August 14, 2014 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in include/functions_metadata.inc.php in Piwigo before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the Make field in IPTC Exif metadata within an image uploaded to the Community plugin.
0
Attacker Value
Unknown
CVE-2014-4614
Disclosure Date: July 02, 2014 (last updated October 05, 2023)
Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the (1) pwg.groups.addUser, (2) pwg.groups.deleteUser, (3) pwg.groups.setInfo, (4) pwg.users.setInfo, (5) pwg.permissions.add, or (6) pwg.permissions.remove method.
0
Attacker Value
Unknown
CVE-2013-1468
Disclosure Date: March 14, 2013 (last updated October 05, 2023)
Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors.
0
Attacker Value
Unknown
CVE-2013-1469
Disclosure Date: March 13, 2013 (last updated October 05, 2023)
Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter.
0
