CVE-2025-62512
Piwigo 15.x (tested up to 15.5.0) is affected by CVE-2025-62512 through its password reset endpoint password.php?action=lost, which leaks whether a username/email exists by returning distinct messages for valid vs invalid accounts. The vulnerability enables unauthenticated user enumeration and ha...
CVE-2025-62512 Piwigo Vulnerable to User Enumeration via Password Reset Endpoint
Piwigo is an open source photo gallery application for the web. In version 15.5.0 and likely earlier 15.x releases, the password reset functionality in Piwigo allows an unauthenticated attacker to determine whether a given username or email address exists in the system. The endpoint at...