CVE-2024-43018

Medium CVSS: 6.4

Piwigo 13.8.0 and below is vulnerable to SQL Injection in the parameters max_level and min_register. These parameters are used in ws_user_gerList function from file include\ws_functions\pwg.users.php and this same function is called by ws.php file at some point can be used for searching users in advanced way in /admin.php?page=user_list.

Vendor

Piwigo

Product

Piwigo

CWE

CWE-89

Yayın Tarihi

2025-07-29 20:15:26

Güncelleme

2025-08-06 16:24:27

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-89 Piwigo MEDIUM Piwigo 2025

Referanslar

https://github.com/Piwigo/Piwigo/issues/2197 https://github.com/inesmarcal/CVE-2024-43018 https://github.com/joaosilva21/CVE-2024-43018

Benzer Kayıtlar

Medium

CVE-2025-62512

Piwigo is an open source photo gallery application for the web. In version 15.5.0 and likely earlier 15.x releases, the…

Low

CVE-2024-48928

Piwigo is an open source photo gallery application for the web. In versions on the 14.x branch, when installing, the sec…

High

CVE-2025-62406

Piwigo is a full featured open source photo gallery application for the web. In Piwigo 15.6.0, using the password reset…