Unrated severityNVD Advisory· Published Jul 29, 2025· Updated Jul 30, 2025

CVE-2024-43018

Description

Piwigo 13.8.0 and below is vulnerable to SQL Injection in the parameters max_level and min_register. These parameters are used in ws_user_gerList function from file include\ws_functions\pwg.users.php and this same function is called by ws.php file at some point can be used for searching users in advanced way in /admin.php?page=user_list.

Affected products

Piwigo/Piwigodescription
Piwigo/Piwigollm-fuzzy
Range: <=13.8.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Piwigo/Piwigo/issues/2197mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000