piwigo lexiglot CVE Vulnerabilities (9)

CVEs: 9 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting piwigo lexiglot (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 19 of 9 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2014-8945 admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields. [email protected] 9.8 2.44% 2020-06-01 2026-06-16
CVE-2014-8944 Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter. [email protected] 5.4 0.53% 2020-06-01 2026-06-16
CVE-2014-8943 Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter. [email protected] 8.8 0.96% 2020-06-01 2026-06-16
CVE-2014-8942 Lexiglot through 2014-11-20 allows CSRF. [email protected] 8.8 0.48% 2020-06-01 2026-06-16
CVE-2014-8941 Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI. [email protected] 9.8 1.09% 2020-06-01 2026-06-16
CVE-2014-8940 Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (names and details of projects) by visiting the /update.log URI. [email protected] 5.3 1.11% 2020-06-01 2026-06-16
CVE-2014-8939 Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages. [email protected] 5.3 1.37% 2020-06-01 2026-06-16
CVE-2014-8938 Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line. [email protected] 7.8 0.32% 2020-06-01 2026-06-16
CVE-2014-8937 Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources. [email protected] 7.5 1.10% 2020-06-01 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence