CVE-2026-27834 | Piwigo up to 16.2.x List Web Service pwg.users.getList filter sql injection (GHSA-5jwg-cr5q-vjq2)

Inserito da Angelo Barbosa | Apr 4, 2026 | CVE

A vulnerability classified as critical was found in Piwigo up to 16.2.x. Affected is the function pwg.users.getList of the component List Web Service. Executing a manipulation of the argument filter can lead to sql injection.

This vulnerability is tracked as CVE-2026-27834. The attack can be launched remotely. No exploit exists.

Upgrading the affected component is advised.

CVE-2026-27834 | Piwigo up to 16.2.x List Web Service pwg.users.getList filter sql injection (GHSA-5jwg-cr5q-vjq2)

Post correlati

CVE-2024-31227 | Redis up to 7.2.5 ACL Selector src/acl.c ACLSetSelector denial of service

CVE-2017-15832 | Qualcomm Snapdragon Mobile MDM9206/MDM9607/SD 835/SD 845/SD 850 WLAN Host Driver input validation

CVE-2025-27604 | XWiki Confluence Migrator Pro up to 1.11.6 information disclosure

CVE-2024-5968 | 10Web Photo Gallery Plugin up to 1.8.27 on WordPress Setting cross site scripting