Known Vulnerabilities for products from Piwigo
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Piwigo".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-27885 json | Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, a SQL Injection vulnerability was di... | Not Provided | 2026-04-03 | 2026-04-09 |
| CVE-2026-27834 json | Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, a SQL Injection vulnerability exists... | Not Provided | 2026-04-03 | 2026-04-09 |
| CVE-2026-27833 json | Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, the pwg.history.search API method in... | Not Provided | 2026-04-03 | 2026-04-09 |
| CVE-2026-27634 json | Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, the four date filter parameters (f_m... | Not Provided | 2026-04-03 | 2026-04-09 |
| CVE-2023-44393 json | Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vuln... | 6.1 - MEDIUM | 2023-10-09 | 2023-10-13 |
| CVE-2023-37270 json | Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of... | 8.8 - HIGH | 2023-07-07 | 2023-07-14 |
| CVE-2023-34626 json | Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function. | 4.3 - MEDIUM | 2023-06-15 | 2023-06-22 |
| CVE-2023-33362 json | Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function. | 9.8 - CRITICAL | 2023-05-23 | 2023-05-30 |
| CVE-2023-33361 json | Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php. | 9.8 - CRITICAL | 2023-05-23 | 2023-05-30 |
| CVE-2023-33359 json | Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the "add tags" function. | 4.3 - MEDIUM | 2023-05-23 | 2023-05-30 |
| CVE-2023-27233 json | Piwigo before 13.6.0 was discovered to contain a SQL injection vulnerability via the order[0][dir] parameter at user_list_bac... | 8.8 - HIGH | 2023-05-17 | 2023-05-25 |
| CVE-2023-26876 json | SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the fi... | 8.8 - HIGH | 2023-04-21 | 2023-04-28 |
| CVE-2022-48007 json | A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitra... | 5.4 - MEDIUM | 2023-01-27 | 2023-02-04 |
| CVE-2022-37183 json | Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list. | 6.1 - MEDIUM | 2022-08-31 | 2022-09-06 |
| CVE-2022-32297 json | Piwigo v12.2.0 was discovered to contain SQL injection vulnerability via the Search function. | 7.5 - HIGH | 2022-07-14 | 2022-07-25 |
| CVE-2022-26267 json | Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php. | 7.5 - HIGH | 2022-03-18 | 2023-08-08 |
| CVE-2022-26266 json | Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php. | 8.8 - HIGH | 2022-03-18 | 2022-03-28 |
| CVE-2022-24620 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2022-02-24 | 2022-03-02 |
| CVE-2021-45357 json | Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the pwg_activity function in include/functions.inc.php. | 6.1 - MEDIUM | 2022-02-10 | 2022-02-15 |
| CVE-2021-40882 json | A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via the system album name and description of the location. | 6.1 - MEDIUM | 2021-12-14 | 2021-12-16 |