Piwigo Security Vulnerabilities (CVEs)

Track 19 security vulnerabilities affecting Piwigo products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

Severity breakdown: 4 Critical, 13 High, 2 Medium (19 CVEs total)
CVE-2024-48928 | CVSS 7.5 | Feb 24, 2026
Piwigo versions 14.x have a weak secret key generation vulnerability during installation. Attackers can brute-force the secret key in about one hour, ...

CVE-2025-62406 | CVSS 8.1 | Nov 18, 2025
This vulnerability in Piwigo allows attackers to send password reset emails containing malicious links to legitimate users. By manipulating the Host h...

CVE-2024-46606 | CVSS 5.4 | Oct 16, 2024
A stored cross-site scripting (XSS) vulnerability in Piwigo's photo description field allows attackers to inject malicious scripts that execute when a...

CVE-2024-46333 | CVSS 4.8 | Sep 27, 2024
An authenticated cross-site scripting (XSS) vulnerability in Piwigo v14.5.0 allows attackers with album creation permissions to inject malicious scrip...

CVE-2023-44393 | CVSS 9.3 | Oct 9, 2023
A reflected XSS vulnerability in Piwigo's admin interface allows attackers to inject malicious JavaScript via crafted URLs. Only authenticated adminis...

CVE-2023-37270 | CVSS 7.6 | Jul 7, 2023
Piwigo photo gallery software versions before 13.8.0 contain a SQL injection vulnerability in the administrator login screen. Attackers with any admin...

CVE-2023-33361 | CVSS 9.8 | May 23, 2023
Piwigo 13.6.0 contains a SQL injection vulnerability in the /admin/permalinks.php endpoint that allows attackers to execute arbitrary SQL commands. Th...

CVE-2023-27233 | CVSS 8.8 | May 17, 2023
CVE-2023-27233 is a SQL injection vulnerability in Piwigo's user_list_backend.php file that allows attackers to execute arbitrary SQL commands via the...

CVE-2023-26876 | CVSS 8.8 | Apr 21, 2023
This SQL injection vulnerability in Piwigo allows remote attackers to execute arbitrary SQL commands via the filter_user_id parameter in the admin.php...

CVE-2022-32297 | CVSS 7.5 | Jul 14, 2022
CVE-2022-32297 is a SQL injection vulnerability in Piwigo's search function that allows attackers to execute arbitrary SQL commands. This affects Piwi...

CVE-2021-40553 | CVSS 8.8 | Jun 28, 2022
CVE-2021-40553 is a remote code execution vulnerability in Piwigo's LocalFiles Editor that allows attackers to execute arbitrary code on affected syst...

CVE-2021-40317 | CVSS 8.8 | May 26, 2022
CVE-2021-40317 is a SQL injection vulnerability in Piwigo's admin.php file via the id parameter. This allows authenticated attackers to execute arbitr...

CVE-2020-19213 | CVSS 9.8 | May 6, 2022
This is a critical SQL injection vulnerability in Piwigo's cat_move.php file that allows attackers to execute arbitrary SQL commands via the 'selectio...

CVE-2020-19216 | CVSS 8.8 | May 6, 2022
This CVE describes an SQL injection vulnerability in Piwigo's admin/user_perm.php file via the cat_false parameter. Attackers can execute arbitrary SQ...

CVE-2022-26267 | CVSS 7.5 | Mar 18, 2022
Piwigo v12.2.0 contains an information disclosure vulnerability in the admin maintenance actions page. Attackers can exploit this to leak sensitive in...

CVE-2016-3735 | CVSS 8.1 | Jan 28, 2022
CVE-2016-3735 is a predictable password reset token vulnerability in Piwigo image gallery software. When certain criteria aren't met, Piwigo uses PHP'...

CVE-2021-32615 | CVSS 9.8 | May 13, 2021
This vulnerability allows authenticated administrators in Piwigo 11.4.0 to perform SQL injection attacks via the order[0][dir] parameter in admin/user...

CVE-2021-31783 | CVSS 7.5 | Apr 26, 2021
This vulnerability allows attackers to perform Local File Inclusion (LFI) attacks in Piwigo's LocalFilesEditor extension. By manipulating the 'file' p...

CVE-2021-27973 | CVSS 7.2 | Apr 2, 2021
This SQL injection vulnerability in Piwigo allows attackers to execute arbitrary SQL commands via the language parameter in the admin.php?page=languag...

Why Monitor Piwigo Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 19+ known vulnerabilities affecting Piwigo products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Piwigo packages in under 60 seconds. No agents are required: the scanning is completely agentless and works across Piwigo deployments.

Free vulnerability database: Access detailed information about every Piwigo CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Piwigo CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions