CVE-2026-27885 in Piwigoinformación

Resumen (Inglés)

Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, a SQL Injection vulnerability was discovered in Piwigo affecting the Activity List API endpoint. This vulnerability allows an authenticated administrator to extract sensitive data from the database, including user credentials, email addresses, and all stored content. This issue has been patched in version 16.3.0.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsable

GitHub_M

Reservar

2026-02-24

Divulgación

2026-04-04

Estado

Confirmado

Voces

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilidadCWEExpConCVE
355266Piwigo Activity List API inyección SQL89No está definidoArreglo oficialCVE-2026-27885

Descripción

CPE

CWE

CVSS

Hazañas

Historia

Diferencia

Relacionar

Inteligencia de amenazas

API JSON

API XML

API CSV

Fuentes

AnteriorVisión De ConjuntoPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!