Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

piwigo — Vulnerabilities & Security Advisories 11

Browse all 11 CVE security advisories affecting piwigo. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Piwigo serves as an open-source photo gallery management system primarily used for organizing and sharing images online. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting attacks, and privilege escalation flaws, with 11 CVEs documented to date. The platform's security posture has been challenged by issues related to insufficient input validation and improper access controls, though no major public security incidents have been widely reported. Users are advised to maintain regular updates and implement proper hardening measures, as the application's web-based nature and extensibility through plugins create potential attack surfaces that require ongoing security attention.

Top products by piwigo: piwigo
CVE IDTitleCVSSSeverityPublished
CVE-2026-27885 Piwigo: SQL Injection in Activity.getList — PiwigoCWE-89 7.2 High2026-04-03
CVE-2026-27834 Piwigo: SQL Injection in pwg.users.getList API Method via filter Parameter — PiwigoCWE-89 7.2 High2026-04-03
CVE-2026-27833 Piwigo: Unauthenticated Information Disclosure via pwg.history.search API — PiwigoCWE-862 7.5 High2026-04-03
CVE-2026-27634 Piwigo: Pre-auth SQL injection via date filter parameters in ws_std_image_sql_filter — PiwigoCWE-89 7.5AIHighAI2026-04-03
CVE-2025-62512 Piwigo Vulnerable to User Enumeration via Password Reset Endpoint — PiwigoCWE-204 5.3 -2026-02-24
CVE-2024-48928 Piwigo's secret key can be brute forced — PiwigoCWE-330 7.5 -2026-02-24
CVE-2025-62406 Piwigo is vulnerable to one-click account takeover by modifying the password-reset link — PiwigoCWE-640 8.1 High2025-11-18
CVE-2023-44393 Piwigo Reflected XSS vulnerability — PiwigoCWE-79 9.3 Critical2023-10-09
CVE-2023-37270 Piwigo SQL Injection vulnerability in "User-Agent" — PiwigoCWE-89 7.6 High2023-07-07
CVE-2012-4526 Piwigo 跨站脚本漏洞 — piwigo 6.1 -2019-12-02
CVE-2012-4525 Piwigo 跨站脚本漏洞 — piwigo 6.1 -2019-12-02

This page lists every published CVE security advisory associated with piwigo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.