CNNVD-202511-1967 Information

CNNVD ID

CNNVD-202511-1967

CVE-2025-62406

  • CNNVD Published: 2025-11-18

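Description (Chinese, translated)

Piwigo is a web-based open-source photo gallery software from Piwigo. The software includes features such as photo management, photo categorization, and permission management. Piwigo version 15.6.0 has an authorization issue vulnerability, which stems from the password reset function not validating the Host header and may lead to account takeover.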

Description (English)

Piwigo is a web-based open-source photo gallery application from Piwigo. The software includes features such as photo management, photo classification and permission management. Piwigo version 15.6.0 contains an authorization vulnerability: the password reset function does not validate the Host header, which may lead to account takeover.

Hazard Level

Medium

Vulnerability Type

Authorization issue

Affected Vendor

Piwigo

Published

2025-11-18

Last Modified

2026-02-24

References

  • https://github.com/Piwigo/Piwigo/security/advisories/GHSA-9986-w7jf-33f6
  • https://github.com/Piwigo/Piwigo/commit/9d2565465efc3570963ff431b45cad21610f6692
  • https://access.redhat.com/security/cve/cve-2025-62406

Patch

https://piwigo.org/get-piwigo
