Lucene search
K

1037 matches found

CVE
CVE
added 2026/02/24 4:43 p.m.22 views

CVE-2025-62512

Piwigo 15.x (tested up to 15.5.0) is affected by CVE-2025-62512 through its password reset endpoint password.php?action=lost, which leaks whether a username/email exists by returning distinct messages for valid vs invalid accounts. The vulnerability enables unauthenticated user enumeration and ha...

6.9CVSS5.5AI score0.00766EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/24 4:43 p.m.2 views

CVE-2025-62512 Piwigo Vulnerable to User Enumeration via Password Reset Endpoint

Piwigo is an open source photo gallery application for the web. In version 15.5.0 and likely earlier 15.x releases, the password reset functionality in Piwigo allows an unauthenticated attacker to determine whether a given username or email address exists in the system. The endpoint at...

6.9CVSS5.9AI score0.00766EPSS
Exploits1References1
OSV
OSV
added 2026/02/24 4:43 p.m.7 views

CVE-2025-62512 Piwigo Vulnerable to User Enumeration via Password Reset Endpoint

Piwigo is an open source photo gallery application for the web. In version 15.5.0 and likely earlier 15.x releases, the password reset functionality in Piwigo allows an unauthenticated attacker to determine whether a given username or email address exists in the system. The endpoint at...

6.9CVSS5.6AI score0.00766EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/24 4:43 p.m.33 views

CVE-2025-62512 Piwigo Vulnerable to User Enumeration via Password Reset Endpoint

Piwigo is an open source photo gallery application for the web. In version 15.5.0 and likely earlier 15.x releases, the password reset functionality in Piwigo allows an unauthenticated attacker to determine whether a given username or email address exists in the system. The endpoint at...

6.9CVSS0.00766EPSS
Exploits1References1
OSV
OSV
added 2026/02/24 4:39 p.m.7 views

CVE-2024-48928 Piwigo's secret key can be brute forced

Piwigo is an open source photo gallery application for the web. In versions on the 14.x branch, when installing, the secretkey configuration parameter is set to MD5RAND in MySQL. However, RAND only has 30 bits of randomness, making it feasible to brute-force the secret key. The CSRF token is...

6.9CVSS5.6AI score0.0026EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/24 4:39 p.m.19 views

CVE-2024-48928 Piwigo's secret key can be brute forced

Piwigo is an open source photo gallery application for the web. In versions on the 14.x branch, when installing, the secretkey configuration parameter is set to MD5RAND in MySQL. However, RAND only has 30 bits of randomness, making it feasible to brute-force the secret key. The CSRF token is...

6.9CVSS0.0026EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/24 4:39 p.m.2 views

CVE-2024-48928 Piwigo's secret key can be brute forced

Piwigo is an open source photo gallery application for the web. In versions on the 14.x branch, when installing, the secretkey configuration parameter is set to MD5RAND in MySQL. However, RAND only has 30 bits of randomness, making it feasible to brute-force the secret key. The CSRF token is...

6.9CVSS5.9AI score0.0026EPSS
Exploits0References2
CVE
CVE
added 2026/02/24 4:39 p.m.19 views

CVE-2024-48928

Piwigo CVE-2024-48928 affects 14.x branch installations where secret_key is set to MD5(RAND()) in MySQL. RAND() offers about 30 bits of entropy, making brute-forcing feasible within roughly an hour. The CSRF token partially derives from the secret_key, allowing verification of a brute-force attem...

7.5CVSS5.4AI score0.0026EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.11 views

Piwigo 安全特征问题漏洞

Piwigo is a web-based open-source image library software developed by Piwigo contributors. This software includes functions such as image management, image classification, and permission management. Versions of Piwigo prior to 15.0.0 had security vulnerabilities. These vulnerabilities stemmed fro...

7.5CVSS5.7AI score0.0026EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.8 views

Piwigo 安全漏洞

Piwigo is a web-based open-source image library software developed by Piwigo contributors. This software includes features such as image management, image classification, and permission management. Versions of Piwigo starting from 15.5.0 and earlier, including 15.x, have security vulnerabilities...

6.9CVSS5.8AI score0.00766EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.4 views

PT-2026-21769

Name of the Vulnerable Software and Affected Versions Piwigo versions 14.x Description Piwigo is a photo gallery application for the web. In versions on the 14.x branch, the secret key configuration parameter is set to MD5RAND during installation when using MySQL. The RAND function has limited...

7.5CVSS5.2AI score0.0026EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.9 views

PT-2026-21770

Name of the Vulnerable Software and Affected Versions Piwigo versions prior to 15.5.0 Description Piwigo is a photo gallery application for the web. The password reset functionality allows an unauthenticated attacker to determine if a given username or email address exists in the system. The...

6.9CVSS5.3AI score0.00766EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/01/09 11:53 a.m.6 views

CVE-2009-4039

Cross-site scripting XSS vulnerability in Piwigo before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.9AI score0.01913EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:30 a.m.10 views

CVE-2021-27973

SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages...

7.2CVSS7.8AI score0.11046EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:24 a.m.7 views

CVE-2021-31783

showdefault.php in the LocalFilesEditor extension before 11.4.0.1 for Piwigo allows Local File Inclusion because the file parameter is not validated with a proper regular-expression check...

7.5CVSS6.9AI score0.0062EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:14 a.m.6 views

CVE-2016-10513

Cross Site Scripting XSS exists in Piwigo before 2.8.3 via a crafted search expression to include/functionssearch.inc.php...

6.1CVSS5.9AI score0.00884EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:10 a.m.6 views

CVE-2016-10514

urlcheckformat in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring...

6.5CVSS6.9AI score0.01222EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:43 a.m.8 views

CVE-2022-26267

Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenanceactions.php...

7.5CVSS7.1AI score0.01431EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:41 a.m.5 views

CVE-2022-26266

Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php...

8.8CVSS8.3AI score0.01272EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2025/12/03 12:0 a.m.141 views

📄 Piwigo 13.6.0 SQL Injection

Piwigo version 13.6.0 suffers from a remote SQL injection vulnerability. Exploit Title: Piwigo 13.6.0 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/Piwigo/Piwigo Software Link: https://github.com/Piwigo/Piwigo Version: 13.6.0 Tested on: Windows CV...

9.8CVSS8.2AI score0.09058EPSS
Exploits3
Rows per page
Query Builder