) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:piwigo:piwigo:1.0.0:-
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2014-4613 |
Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php. Published: March 16, 2018; 1:29:00 PM -0400 |
V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2014-4614 |
Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the (1) pwg.groups.addUser, (2) pwg.groups.deleteUser, (3) pwg.groups.setInfo, (4) pwg.users.setInfo, (5) pwg.permissions.add, or (6) pwg.permissions.remove method. Published: July 02, 2014; 4:55:06 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
| CVE-2013-1468 |
Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors. Published: March 13, 2013; 11:13:32 PM -0400 |
V3.x:(not available) V2.0: 7.6 HIGH |
| CVE-2013-1469 |
Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter. Published: March 13, 2013; 4:55:02 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
| CVE-2010-1707 |
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Piwigo 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) login and (2) mail_address parameters. Published: May 04, 2010; 12:00:35 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |