24 matches found
CVE-2025-62512 Piwigo Vulnerable to User Enumeration via Password Reset Endpoint
Piwigo is an open source photo gallery application for the web. In version 15.5.0 and likely earlier 15.x releases, the password reset functionality in Piwigo allows an unauthenticated attacker to determine whether a given username or email address exists in the system. The endpoint at...
CVE-2022-26267
Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenanceactions.php...
CVE-2022-26266
Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php...
PT-2025-47413
Name of the Vulnerable Software and Affected Versions: Piwigo versions prior to 15.7.0. Description: Piwigo is a photo gallery application for the web. The password reset function in versions prior to 15.7.0 does not validate the hostname used in the password-reset URL, which is taken directly from...
EUVD-2020-11122
Malware in sbrugna...
EUVD-2009-2921
Malware in sbrugna...
EUVD-2017-8974
Malware in sbrugna...
EUVD-2021-14691
Malware in sbrugna...
EUVD-2017-18396
Malware in sbrugna...
EUVD-2020-11119
Malware in sbrugna...
EUVD-2022-53490
Malicious code in bioql PyPI...
EUVD-2023-37525
Malicious code in bioql PyPI...
EUVD-2021-27496
Malicious code in bioql PyPI...
CVE-2024-52701
A stored cross-site scripting (XSS) vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter...
CVE-2024-46606
A cross-site scripting (XSS) vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...
CVE-2022-48007
A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent...
CVE-2022-24620
Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. In this way, an admin can steal the webmaster's cookies to gain the webmaster's access...
CVE-2022-32297
Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via the Search function...
CVE-2020-9467
Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function...
CVE-2020-19217
SQL injection vulnerability in admin/batchmanager.php in Piwigo v2.9.5, via the filtercategory parameter to admin.php?page=batchmanager...