CVE-2026-27634 | Piwigo up to 16.2.x ws_std_image_sql_filter sql injection (GHSA-mgqc-3445-qghq)

Inserito da Angelo Barbosa | Apr 4, 2026 | CVE

A vulnerability described as critical has been identified in Piwigo up to 16.2.x. This affects the function ws_std_image_sql_filter. Such manipulation of the argument f_min_date_available/f_max_date_available/f_min_date_created/f_max_date_created leads to sql injection.

This vulnerability is referenced as CVE-2026-27634. It is possible to launch the attack remotely. No exploit is available.

Upgrading the affected component is recommended.

CVE-2026-27634 | Piwigo up to 16.2.x ws_std_image_sql_filter sql injection (GHSA-mgqc-3445-qghq)

Post correlati

CVE-2025-30276 | QNAP Systems Qsync Central prior 5.0.0.4 out-of-bounds write (qsa-26-02)

CVE-2025-7103 | BoyunCMS up to 1.4.20 curl Index.php server-side request forgery

CVE-2024-48839 | ABB ASPECT-Enterprise/NEXUS/MATRIX up to 3.08.02 code injection

CVE-2024-4282 | Brocade SANnav up to 2.3.1a SSH risky encryption