CVE-2016-3735

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-3735
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3735.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-3735
Published
2022-01-28T20:15:08.437Z
Modified
2026-03-14T09:19:33.639959Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Piwigo is image gallery software written in PHP. When a criteria is not met on a host, piwigo defaults to usingmtrand in order to generate password reset tokens. mtrand output can be predicted after recovering the seed used to generate it. This low an unauthenticated attacker to take over an account providing they know an administrators email address in order to be able to request password reset.

References

Affected packages

Git / github.com/piwigo/piwigo

Affected ranges

Type
GIT
Repo
https://github.com/piwigo/piwigo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f0d29d9134193be7fe708b6a2f54f80eeb9e77bf
Fixed
f51ee90c66527fd7ff634f3e8d414cb670da068d
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.8.1"
        }
    ]
}

Affected versions

2.*
2.8.0
2.8.0RC1
2.8.0RC2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3735.json"