This Metasploit module allows an authenticated user to retrieve the usernames and encrypted passwords of other users in Piwigo through SQL injection using the filter_user_id parameter.
9bbbad3a776fd24cf01f86397e96953115766823984339cff090461bcc35c03f
LumisXP versions 15.0.x through 16.1.x suffer from a cross site scripting vulnerability in XsltResultControllerHtml.jsp.
44811fffdad55f59cab99ee680cea0158c35b26606a7a72215c8b74fff752970
LumisXP versions 15.0.x through 16.1.x suffer from a cross site scripting vulnerability in UrlAccessibilityEvaluation.jsp.
62722fa4e4796c8ac819f4f74bff3b88e4c3207619569dd0af373cca85ccd325
LumisXP versions 15.0.x through 16.1.x suffer from a cross site scripting vulnerability in main.jsp.
6b2f2821d4c2d0424a401ff4ad365da2713d18f6c494dadd54e7fce8dfe51786
LumisXP versions 15.0.x through 16.1.x have a hardcoded privileged identifier that allows attackers to bypass authentication and access internal pages and other sensitive information.
507655a40fa21c33f270fff3ee33944627b6c9719d3c667e8ec61677948d5b35
Piwigo version 13.5.0 suffers from a remote SQL injection vulnerability.
b4b2bf2bd02e5e6e2f24ce835e44e52d016f467252a6d79a30e013c6f3028a74
WordPress WPvivid Backup plugin versions prior to 0.9.76 suffer from a path traversal vulnerability.
fb090fe06b8107185b5b73bdfac52e984a5bd3987e4e8a14397734095d06addf
LiquidFiles version 3.4.15 suffers from a cross site scripting vulnerability.
64fb0fffa85d330dbc47f539a594fa8fcad4c9362b419983c93474d08ba4e151
PHPIPAM version 1.4.4 suffers from cross site request forgery and cross site scripting vulnerabilities.
050c77ae0f13a5b4247218de44f8bf133ca516aae7da4d73aba802231bdde893
PHPIPAM version 1.4.4 suffers from an authenticated remote SQL injection vulnerability.
52735c203f763f807bb821587b48986c8565cba03c4abbab39523388cea432b8
Envira Gallery Lite edition version 1.8.3.2 suffers from a cross site scripting vulnerability.
9dbf149ef3ee66457f73ea7147ed74161ff3ef6881909b863f14b4bf54649b7c
Typesetter CMS version 5.1 authenticated remote code execution exploit.
88686ca78f33a87564ebb395cb531dd62ea51ec4e0d7bece14f7859cf8a4c103
Typesetter version 5.1 is vulnerable to code execution via /index.php/Admin/Uploaded. An attacker can exploit this by uploading a zip file that contains a malicious PHP file. After the zip file is extracted, it is possible to execute commands on the target operating system.
ee974c9d37c8aba758fd4db3a34e859ee9e9a7a9e7db287f6d35e858f330de34
GilaCMS version 1.11.5 suffers from cross site request forgery and cross site scripting vulnerabilities.
6603d87a861a3d845fa61f9b588c6b86e0c8fe070114880b2f66b4cd804da8df
Piwigo version 2.9.5 suffers from cross site request forgery and cross site scripting vulnerabilities.
8a705d66a11dea3ced8ff1ddbb628df03886926a4d88a4506f71c1bceda77cb7