3 matches found
CVE-2026-27833
Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, the pwg.history.search API method in Piwigo is registered without the adminonly option, allowing unauthenticated users to access the full browsing history of all gallery visitors. This issue has been patched ...
CVE-2026-27833 Piwigo: Unauthenticated Information Disclosure via pwg.history.search API
Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, the pwg.history.search API method in Piwigo is registered without the adminonly option, allowing unauthenticated users to access the full browsing history of all gallery visitors. This issue has been patched ...
PT-2026-30242
Name of the Vulnerable Software and Affected Versions Piwigo versions prior to 16.3.0 Description An information disclosure issue exists in the open source photo gallery application where the 'pwg.history.search' API method is registered without the admin only option. This allows unauthenticated...