CVE-2025-62512

Medium CVSS: 5.5

Piwigo is an open source photo gallery application for the web. In version 15.5.0 and likely earlier 15.x releases, the password reset functionality in Piwigo allows an unauthenticated attacker to determine whether a given username or email address exists in the system. The endpoint at password.php?action=lost returns distinct messages for valid vs. invalid accounts, enabling user enumeration. As of time of publication, no known patches are available.

Vendor

Piwigo

Product

Piwigo

CWE

CWE-204

Yayın Tarihi

2026-02-24 18:29:32

Güncelleme

2026-02-25 16:53:02

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-204 Piwigo MEDIUM Piwigo 2026

Referanslar

https://github.com/Piwigo/Piwigo/security/advisories/GHSA-h4wx-7m83-xfxc

Benzer Kayıtlar

Low

CVE-2024-48928

Piwigo is an open source photo gallery application for the web. In versions on the 14.x branch, when installing, the sec…

High

CVE-2025-62406

Piwigo is a full featured open source photo gallery application for the web. In Piwigo 15.6.0, using the password reset…

Medium

CVE-2024-43018

Piwigo 13.8.0 and below is vulnerable to SQL Injection in the parameters max_level and min_register. These parameters ar…