Tag
high
advisory
Piwigo SQL Injection Vulnerability (CVE-2026-27885)
2 rules, 1 TTP, 1 CVE, 1 IOC
CVE-2026-27885 is a SQL Injection vulnerability in Piwigo before version 16.3.0, affecting the Activity List API endpoint, allowing an authenticated administrator to extract sensitive data.
sql-injection
web-application
piwigo
high
advisory
Piwigo SQL Injection Vulnerability (CVE-2026-27834)
2 rules, 1 TTP, 1 CVE, 1 IOC
A SQL Injection vulnerability (CVE-2026-27834) exists in Piwigo versions prior to 16.3.0, allowing authenticated administrators to execute arbitrary SQL commands via the pwg.users.getList Web Service API method.
piwigo
sql-injection
cve-2026-27834
medium
advisory
Piwigo Unauthenticated History Search Access
2 rules, 1 TTP, 1 CVE, 1 IOC
Piwigo versions prior to 16.3.0 expose the full browsing history of gallery visitors to unauthenticated users via the pwg.history.search API method due to a missing authorization check.
piwigo
vulnerability
information-disclosure