Known Vulnerabilities for products from Piwigo
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Piwigo".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-27885 | Not Provided | 2026-04-03 | 2026-04-03 | |
| CVE-2026-27834 | Not Provided | 2026-04-03 | 2026-04-03 | |
| CVE-2026-27833 | Not Provided | 2026-04-03 | 2026-04-03 | |
| CVE-2026-27634 | Not Provided | 2026-04-03 | 2026-04-03 | |
| CVE-2023-44393 | Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vuln... | 6.1 - MEDIUM | 2023-10-09 | 2023-10-13 |
| CVE-2023-37270 | Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of... | 8.8 - HIGH | 2023-07-07 | 2023-07-14 |
| CVE-2023-34626 | Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function. | 4.3 - MEDIUM | 2023-06-15 | 2023-06-22 |
| CVE-2023-33362 | Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function. | 9.8 - CRITICAL | 2023-05-23 | 2023-05-30 |
| CVE-2023-33361 | Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php. | 9.8 - CRITICAL | 2023-05-23 | 2023-05-30 |
| CVE-2023-33359 | Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the "add tags" function. | 4.3 - MEDIUM | 2023-05-23 | 2023-05-30 |
| CVE-2023-27233 | Piwigo before 13.6.0 was discovered to contain a SQL injection vulnerability via the order[0][dir] parameter at user_list_bac... | 8.8 - HIGH | 2023-05-17 | 2023-05-25 |
| CVE-2023-26876 | SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the fi... | 8.8 - HIGH | 2023-04-21 | 2023-04-28 |
| CVE-2022-48007 | A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitra... | 5.4 - MEDIUM | 2023-01-27 | 2023-02-04 |
| CVE-2022-37183 | Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list. | 6.1 - MEDIUM | 2022-08-31 | 2022-09-06 |
| CVE-2022-32297 | Piwigo v12.2.0 was discovered to contain SQL injection vulnerability via the Search function. | 7.5 - HIGH | 2022-07-14 | 2022-07-25 |
| CVE-2022-26267 | Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php. | 7.5 - HIGH | 2022-03-18 | 2023-08-08 |
| CVE-2022-26266 | Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php. | 8.8 - HIGH | 2022-03-18 | 2022-03-28 |
| CVE-2022-24620 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2022-02-24 | 2022-03-02 |
| CVE-2021-45357 | Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the pwg_activity function in include/functions.inc.php. | 6.1 - MEDIUM | 2022-02-10 | 2022-02-15 |
| CVE-2021-40882 | A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via the system album name and description of the location. | 6.1 - MEDIUM | 2021-12-14 | 2021-12-16 |