CNNVD-202507-3653 Information

CNNVD ID

CNNVD-202507-3653

Related CVE

CVE-2024-43018

• CNNVD Published: 2025-07-29

Description (Chinese)

Piwigo是Piwigo开源的一套基于Web的开源图片库软件。该软件包括图片管理、图片分类和权限管理等功能。 Piwigo 13.8.0及之前版本存在安全漏洞，该漏洞源于参数max_level和min_register未经验证，可能导致SQL注入攻击。

Description (English)

Piwigo is a web-based open-source gallery software for Piwigo. The software includes features such as photo management, photo classification and permission management. Piwigo 13.8.0 and previous versions contain a security loophole, which stems from the unverified use of parameters max level and min register, which could lead to an attack by SQL.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Piwigo

Published

2025-07-29

Last Modified

2026-02-24

References

https://github.com/Piwigo/Piwigo/issues/2197 https://github.com/joaosilva21/CVE-2024-43018 https://access.redhat.com/security/cve/cve-2024-43018

Patch

https://piwigo.org/