Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Arbitrary File Read Arbitrary File Write Authentication Bypass BOLA Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial-of-service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilitie Known Vulnerabilities Ldap Injection Malware Missing Update Path Traversal Privilege Escalation Remote Code Execution SSRF SSTI Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity PHP register_globals enabled CWE-1108 CWE-1108 Medium PHP register_globals Is Enabled CWE-1108 CWE-1108 Medium PHP Reliance on Cookies without Validation and Integrity Checking Vulnerability (CVE-2020-7070) CVE-2020-7070 CWE-565 CWE-565 Medium PHP Resource Management Errors Vulnerability (CVE-2006-1991) CVE-2006-1991 Medium PHP Resource Management Errors Vulnerability (CVE-2007-3806) CVE-2007-3806 Medium PHP Resource Management Errors Vulnerability (CVE-2010-1861) CVE-2010-1861 Medium PHP Resource Management Errors Vulnerability (CVE-2010-1917) CVE-2010-1917 Medium PHP Resource Management Errors Vulnerability (CVE-2010-2093) CVE-2010-2093 Medium PHP Resource Management Errors Vulnerability (CVE-2010-3710) CVE-2010-3710 Medium PHP Resource Management Errors Vulnerability (CVE-2010-4150) CVE-2010-4150 Medium PHP Resource Management Errors Vulnerability (CVE-2010-4697) CVE-2010-4697 Medium PHP Resource Management Errors Vulnerability (CVE-2011-1468) CVE-2011-1468 Medium PHP Resource Management Errors Vulnerability (CVE-2011-1657) CVE-2011-1657 Medium PHP Resource Management Errors Vulnerability (CVE-2011-3267) CVE-2011-3267 Medium PHP Resource Management Errors Vulnerability (CVE-2012-0781) CVE-2012-0781 Medium PHP Resource Management Errors Vulnerability (CVE-2012-0789) CVE-2012-0789 Medium PHP Resource Management Errors Vulnerability (CVE-2014-0237) CVE-2014-0237 Medium PHP Resource Management Errors Vulnerability (CVE-2014-2497) CVE-2014-2497 Medium PHP Resource Management Errors Vulnerability (CVE-2014-3538) CVE-2014-3538 Medium PHP Resource Management Errors Vulnerability (CVE-2015-4024) CVE-2015-4024 Medium PHP session.use_only_cookies Is Disabled CWE-598 CWE-598 Medium PHP session.use_trans_sid enabled CWE-598 CWE-598 Medium PHP socket_iovec_alloc() integer overflow CVE-2003-0172 CWE-119 CWE-119 Medium PHP super-globals-overwrite CWE-1108 CWE-1108 Medium PHP Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2004-0594) CVE-2004-0594 CWE-367 CWE-367 Medium PHP Uncontrolled Resource Consumption Vulnerability (CVE-2015-9253) CVE-2015-9253 CWE-400 CWE-400 Medium PHP undefined Safe_Mode_Include_Dir safemode bypass vulnerability CVE-2003-0863 CWE-829 CWE-829 Medium PHP unserialize() used on user input CWE-20 CWE-20 Medium PHP unspecified remote arbitrary file upload vulnerability CVE-2004-0959 CWE-20 CWE-20 Medium PHP upload arbitrary file disclosure vulnerability CVE-2000-0860 CWE-538 CWE-538 Medium PHP Use of Externally-Controlled Format String Vulnerability (CVE-2009-3294) CVE-2009-3294 CWE-134 CWE-134 Medium PHP Use of Externally-Controlled Format String Vulnerability (CVE-2010-2094) CVE-2010-2094 CWE-134 CWE-134 Medium PHP Use of Externally-Controlled Format String Vulnerability (CVE-2010-2950) CVE-2010-2950 CWE-134 CWE-134 Medium PHP Use of Insufficiently Random Values Vulnerability (CVE-2023-3247) CVE-2023-3247 CWE-330 CWE-330 Medium PHP Use of Password Hash With Insufficient Computational Effort Vulnerability (CVE-2023-0567) CVE-2023-0567 CWE-916 CWE-916 Medium PHP Use of Uninitialized Resource Vulnerability (CVE-2019-11038) CVE-2019-11038 CWE-908 CWE-908 Medium PHP version older than 4.3.8 CVE-2004-0594 CVE-2004-0595 CWE-1104 CWE-1104 Medium PHP X Prober publicly accessible CWE-200 CWE-200 Medium Phusion Passenger Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-16355) CVE-2017-16355 CWE-200 CWE-200 Medium Phusion Passenger Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2013-4136) CVE-2013-4136 CWE-59 CWE-59 Medium Phusion Passenger Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-12615) CVE-2018-12615 CWE-732 CWE-732 Medium Phusion Passenger Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2119) CVE-2013-2119 CWE-264 CWE-264 Medium Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-4613) CVE-2014-4613 CWE-352 CWE-352 Medium Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-4614) CVE-2014-4614 CWE-352 CWE-352 Medium Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-7724) CVE-2018-7724 CWE-352 CWE-352 Medium Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-33359) CVE-2023-33359 CWE-352 CWE-352 Medium Piwigo Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3790) CVE-2011-3790 CWE-200 CWE-200 Medium Piwigo Improper Access Control Vulnerability (CVE-2016-10514) CVE-2016-10514 CWE-284 CWE-284 Medium Piwigo Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2013-1469) CVE-2013-1469 CWE-22 CWE-22 Medium Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-4039) CVE-2009-4039 CWE-707 CWE-707 Medium Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-1707) CVE-2010-1707 CWE-707 CWE-707 Medium Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-2209) CVE-2012-2209 CWE-707 CWE-707 Medium Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4525) CVE-2012-4525 CWE-707 CWE-707 Medium Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4526) CVE-2012-4526 CWE-707 CWE-707 Medium Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-1980) CVE-2014-1980 CWE-707 CWE-707 Medium Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-3900) CVE-2014-3900 CWE-707 CWE-707 Medium Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-2034) CVE-2015-2034 CWE-707 CWE-707 Medium Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9751) CVE-2016-9751 CWE-707 CWE-707 Medium Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-10083) CVE-2016-10083 CWE-707 CWE-707 Medium Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-10513) CVE-2016-10513 CWE-707 CWE-707 Medium Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-5608) CVE-2017-5608 CWE-707 CWE-707 Medium Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9452) CVE-2017-9452 CWE-707 CWE-707 Medium Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9836) CVE-2017-9836 CWE-707 CWE-707 Medium Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-17775) CVE-2017-17775 CWE-707 CWE-707 Medium Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-17825) CVE-2017-17825 CWE-707 CWE-707 Medium Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-17826) CVE-2017-17826 CWE-707 CWE-707 Medium Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-5692) CVE-2018-5692 CWE-707 CWE-707 Medium Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-7722) CVE-2018-7722 CWE-707 CWE-707 Medium Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-7723) CVE-2018-7723 CWE-707 CWE-707 Medium Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-8089) CVE-2020-8089 CWE-707 CWE-707 Medium Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-9467) CVE-2020-9467 CWE-707 CWE-707 Medium Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-22148) CVE-2020-22148 CWE-707 CWE-707 Medium Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-22150) CVE-2020-22150 CWE-707 CWE-707 Medium Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-40678) CVE-2021-40678 CWE-707 CWE-707 Medium Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-40882) CVE-2021-40882 CWE-707 CWE-707 Medium 1...82838485...107 83 / 107
