Vulnerabilities (CVE)

Filtered by vendor Piwigo Subscribe

Filtered by product Lexiglot

Total 9 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2014-8945	1 Piwigo	1 Lexiglot	2023-12-10	7.5 HIGH	9.8 CRITICAL
admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields.
CVE-2014-8944	1 Piwigo	1 Lexiglot	2023-12-10	3.5 LOW	5.4 MEDIUM
Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter.
CVE-2014-8939	1 Piwigo	1 Lexiglot	2023-12-10	4.3 MEDIUM	5.3 MEDIUM
Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages.
CVE-2014-8940	1 Piwigo	1 Lexiglot	2023-12-10	5.0 MEDIUM	5.3 MEDIUM
Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (names and details of projects) by visiting the /update.log URI.
CVE-2014-8937	1 Piwigo	1 Lexiglot	2023-12-10	5.0 MEDIUM	7.5 HIGH
Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources.
CVE-2014-8943	1 Piwigo	1 Lexiglot	2023-12-10	6.5 MEDIUM	8.8 HIGH
Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter.
CVE-2014-8942	1 Piwigo	1 Lexiglot	2023-12-10	6.8 MEDIUM	8.8 HIGH
Lexiglot through 2014-11-20 allows CSRF.
CVE-2014-8941	1 Piwigo	1 Lexiglot	2023-12-10	7.5 HIGH	9.8 CRITICAL
Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI.
CVE-2014-8938	1 Piwigo	1 Lexiglot	2023-12-10	2.1 LOW	7.8 HIGH
Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line.