CVE-2012-2209

Piwigo < 2.3.4 - Cross-Site Scripting via Admin Panel Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2209. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary The advisory details multiple vulnerabilities in Piwigo, including directory path traversal (CVE-2012-2208) and multiple XSS vulnerabilities (CVE-2012-2209). It provides PoC URLs and descriptions of how these vulnerabilities can be exploited.

Description

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3) theme parameter in the theme module.

Exploits (1)

exploitdb WRITEUP
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/18782

The advisory details multiple vulnerabilities in Piwigo, including directory path traversal (CVE-2012-2208) and multiple XSS vulnerabilities (CVE-2012-2209). It provides PoC URLs and descriptions of how these vulnerabilities can be exploited.

Classification
Writeup 100%
Attack Type
Xss | Other
Complexity
Trivial
Reliability
Reliable
Target: Piwigo 2.3.3 and prior
No auth needed
Prerequisites: Access to the target Piwigo installation · Ability to craft malicious URLs
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Various Sources x_refsource_confirm
http://piwigo.org/forum/viewtopic.php?id=19173
Various Sources x_refsource_confirm
http://piwigo.org/bugs/view.php?id=2607
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18782
Release Notes x_refsource_confirm
http://piwigo.org/releases/2.3.4
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/53245
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75186
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48903
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-04/0196.html

Scores

EPSS 0.0424
EPSS Percentile 89.9%

Details

CWE
CWE-79
Status published
Products (1)
piwigo/piwigo < 2.3.3
Published Aug 14, 2012
Tracked Since Feb 18, 2026