High severity7.2NVD Advisory· Published Apr 3, 2026· Updated Apr 9, 2026
CVE-2026-27885
CVE-2026-27885
Description
Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, a SQL Injection vulnerability was discovered in Piwigo affecting the Activity List API endpoint. This vulnerability allows an authenticated administrator to extract sensitive data from the database, including user credentials, email addresses, and all stored content. This issue has been patched in version 16.3.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- github.com/Piwigo/Piwigo/commit/c172d284e11eab4a5dbadd2844d26f734d5c8c72nvdPatch
- github.com/Piwigo/Piwigo/security/advisories/GHSA-wfmr-9hg8-jh3mnvdExploitMitigationVendor Advisory
- piwigo.org/release-16.3.0nvdRelease Notes
News mentions
0No linked articles in our index yet.