CVE-2024-43018

Published: Jul 29, 2025

Modified: Jul 30, 2025

PUBLISHED

Description

Piwigo 13.8.0 and below is vulnerable to SQL Injection in the parameters max_level and min_register. These parameters are used in ws_user_gerList function from file include\ws_functions\pwg.users.php and this same function is called by ws.php file at some point can be used for searching users in advanced way in /admin.php?page=user_list.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/Piwigo/Piwigo/issues/2197

https://github.com/joaosilva21/CVE-2024-43018

https://github.com/inesmarcal/CVE-2024-43018

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-43018

Description

Affected Products

References