3 matches found
CVE-2025-62406 Piwigo is vulnerable to one-click account takeover by modifying the password-reset link
Piwigo is a full-featured open source photo gallery application for the web. In Piwigo 15.6.0, the password reset function sends a password-reset URL when an existing username or email address is entered. However, the hostname used to construct this URL is taken from the HTTP request's...
PT-2025-47413
Name of the Vulnerable Software and Affected Versions: Piwigo versions prior to 15.7.0
Description: Piwigo is a photo gallery application for the web. The password reset function in versions prior to 15.7.0 does not validate the hostname used in the password-reset URL, which is taken directly from...
Piwigo authorization issue vulnerability
Piwigo is a web-based open source image library application developed by the Piwigo open source project. The software includes features such as image management, image categorization and permission management. An authorization issue vulnerability exists in Piwigo version 15.6.0, which stems from the password reset...