Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

Multimedia

Piwigo

Piwigo is a photo gallery software for the web built by an active community of users and developers. Extensions make Piwigo easily customizable. Icing on the cake Piwigo is free and opensource.

Official Site:

http://tr.piwigo.org/

Severity Summary:

Critical: 9 High: 27 Medium: 51
Reference
Title
Severity
CVE-2017-10681
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2023-26876
Piwigo Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2023-27233
Piwigo Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2013-1468
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2023-37270
Piwigo Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2021-40313
Piwigo Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2020-22148
Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-22150
Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2009-4039
Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-9467
Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2021-40882
Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-24620
Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2021-45357
Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-19212
Piwigo Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Medium
CVE-2021-40678
Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-37183
Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-48007
Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-33359
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2023-34626
Piwigo Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Medium
CVE-2023-44393
Piwigo Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Vulnerability
Medium
CVE-2010-1707
Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2014-3900
Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2011-3790
Piwigo Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2016-10513
Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2016-10083
Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2017-5608
Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2017-9452
Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2017-9463
Piwigo Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Medium
CVE-2017-9464
Piwigo URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Medium
CVE-2017-9836
Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium