CVE-2026-27634

Source
https://cve.org/CVERecord?id=CVE-2026-27634
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27634.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-27634
Aliases
  • GHSA-mgqc-3445-qghq
Published
2026-04-03T21:33:13.838Z
Modified
2026-07-15T01:49:11.581405781Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Piwigo: Pre-auth SQL injection via date filter parameters in ws_std_image_sql_filter
Details

Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, the four date filter parameters (fmindateavailable, fmaxdateavailable, fmindatecreated, fmaxdatecreated) in wsstdimagesqlfilter() are concatenated directly into SQL without any escaping or type validation. This could result in an unauthenticated attacker reading the full database, including user password hashes. This issue has been patched in version 16.3.0.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-89"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27634.json"
}
References

Affected packages

Git / github.com/piwigo/piwigo

Affected ranges

Type
GIT
Repo
https://github.com/piwigo/piwigo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "16.3.0"
        }
    ],
    "cpe": "cpe:2.3:a:piwigo:piwigo:*:*:*:*:*:*:*:*"
}

Affected versions

12.*
12.0.0RC1
12.0.0RC2
12.0.0beta1
12.0.0beta2
13.*
13.0.0RC1
13.0.0RC2
13.0.0RC3
13.0.0RC4
13.0.0beta1
13.0.0beta2
14.*
14.0.0RC1
14.0.0RC2
14.0.0beta1
14.0.0beta2
14.0.0beta3
15.*
15.0.0beta1
15.0.0beta2
15.0.0beta3
16.*
16.0.0
16.0.0RC1
16.0.0RC2
16.0.0RC3
16.0.0beta1
16.0.0beta2
16.1.0
16.2.0
2.*
2.10.0RC1
2.10.0beta1
2.10.0beta2
2.11.0beta1
2.11.0beta2
2.11.0beta3
2.11.0beta4
2.8.0RC1
2.8.0RC2
2.9.0RC1
2.9.0RC2
2.9.0beta1
2.9.0beta2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27634.json"