Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

Multimedia

Piwigo

Piwigo is a photo gallery software for the web built by an active community of users and developers. Extensions make Piwigo easily customizable. Icing on the cake Piwigo is free and opensource.

Official Site:

http://tr.piwigo.org/

Severity Summary:

Critical: 10 High: 33 Medium: 59
Reference
Title
Severity
CVE-2024-48928
Piwigo Use of Insufficiently Random Values Vulnerability
High
CVE-2026-27885
Piwigo Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2026-27834
Piwigo Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2026-27833
Piwigo Missing Authorization Vulnerability
High
CVE-2015-1441
Piwigo Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2012-2208
Piwigo Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2016-10085
Piwigo Improper Access Control Vulnerability
High
CVE-2017-10678
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2016-10084
Piwigo Improper Access Control Vulnerability
High
CVE-2017-10679
Piwigo Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
High
CVE-2017-10680
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2017-10681
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2017-17827
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2017-17775
Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2016-10514
Piwigo Improper Access Control Vulnerability
Medium
CVE-2021-40678
Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2017-9836
Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-37183
Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-48007
Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-33359
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2016-10513
Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-34626
Piwigo Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Medium
CVE-2023-44393
Piwigo Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Vulnerability
Medium
CVE-2020-19212
Piwigo Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Medium
CVE-2024-26450
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2018-7724
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2018-7723
Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2018-7722
Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2018-6883
Piwigo Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Medium
CVE-2025-62512
Piwigo Observable Response Discrepancy Vulnerability
Medium