Tag: piwigo
All the articles with the tag "piwigo".
- [CVE-2024-43018] SQL Injection in Piwigo’s User Management Lets Attackers Read or Tamper with Gallery Data
The admin-side user list in Piwigo up to 13.8.0 passes two search parameters directly to MySQL. A single quote is enough to dump the photo gallery’s user table or modify it, and a public proof of concept is already on GitHub.