CVE-2026-27885 in Piwigoinformação

Sumário (Inglês)

Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, a SQL Injection vulnerability was discovered in Piwigo affecting the Activity List API endpoint. This vulnerability allows an authenticated administrator to extract sensitive data from the database, including user credentials, email addresses, and all stored content. This issue has been patched in version 16.3.0.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsável

GitHub_M

Reservar

24/02/2026

Divulgação

04/04/2026

Estado

Confirmado

Inscrições

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilidadeCWEExpConCVE
355266Piwigo Activity List API Injeção SQL89Não definidoCorreção oficialCVE-2026-27885

Descrição

CPE

CWE

CVSS

Explorações

História

Diferença

Relacionar

Inteligência de ameaças

API JSON

API XML

API CSV

Fontes

VoltarVisão GeralPróximo

Do you need the next level of professionalism?

Upgrade your account now!