Vulnerabilities in piwigo
11 resultsCVE-2023-37270HIGHPiwigo SQL Injection vulnerability in "User-Agent"EPSS 3.9%CVE-2026-27833HIGHPiwigo: Unauthenticated Information Disclosure via pwg.history.search APIEPSS 1.5%CVE-2023-44393CRITICALPiwigo Reflected XSS vulnerabilityEPSS 1.3%CVE-2012-4526—piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)EPSS 1.2%CVE-2012-4525—piwigo has XSS in password.phpEPSS 1.2%CVE-2025-62512MEDIUMPiwigo Vulnerable to User Enumeration via Password Reset EndpointEPSS 0.8%CVE-2026-27634HIGHPiwigo: Pre-auth SQL injection via date filter parameters in ws_std_image_sql_filterEPSS 0.7%CVE-2026-27834HIGHPiwigo: SQL Injection in pwg.users.getList API Method via filter ParameterEPSS 0.4%CVE-2026-27885HIGHPiwigo: SQL Injection in Activity.getListEPSS 0.4%CVE-2025-62406HIGHPiwigo is vulnerable to one-click account takeover by modifying the password-reset linkEPSS 0.3%CVE-2024-48928LOWPiwigo's secret key can be brute forcedEPSS 0.3%