Vulnerabilities related to tinywebgallery - tinywebgallery
CVE-2006-1802 (GCVE-0-2006-1802)
Vulnerability from cvelistv5
Published
2006-04-18 10:00
Modified
2024-08-07 17:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in index.php in TinyWebGallery 1.3 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the twg_album parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:27:28.687Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-1369", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1369" }, { "name": "717", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/717" }, { "name": "20060415 Tiny Web Gallery \u003c= 1.4 XSS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/431069/100/0/threaded" }, { "name": "19660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19660" }, { "name": "17536", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17536" }, { "name": "tinywebgallery-index-xss(25831)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25831" }, { "name": "20060606 Re: Tiny Web Gallery \u003c= 1.4 XSS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/436451/30/4560/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in index.php in TinyWebGallery 1.3 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the twg_album parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2006-1369", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1369" }, { "name": "717", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/717" }, { "name": "20060415 Tiny Web Gallery \u003c= 1.4 XSS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/431069/100/0/threaded" }, { "name": "19660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19660" }, { "name": "17536", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17536" }, { "name": "tinywebgallery-index-xss(25831)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25831" }, { "name": "20060606 Re: Tiny Web Gallery \u003c= 1.4 XSS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/436451/30/4560/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1802", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in index.php in TinyWebGallery 1.3 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the twg_album parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2006-1369", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1369" }, { "name": "717", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/717" }, { "name": "20060415 Tiny Web Gallery \u003c= 1.4 XSS", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/431069/100/0/threaded" }, { "name": "19660", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19660" }, { "name": "17536", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17536" }, { "name": "tinywebgallery-index-xss(25831)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25831" }, { "name": "20060606 Re: Tiny Web Gallery \u003c= 1.4 XSS", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/436451/30/4560/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1802", "datePublished": "2006-04-18T10:00:00", "dateReserved": "2006-04-17T00:00:00", "dateUpdated": "2024-08-07T17:27:28.687Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-3810 (GCVE-0-2011-3810)
Vulnerability from cvelistv5
Published
2011-09-24 00:00
Modified
2024-09-16 18:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
TinyWebGallery (TWG) 1.8.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by i_frames/i_register.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:46:03.114Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/TinyWebGallery-1.8.3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "TinyWebGallery (TWG) 1.8.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by i_frames/i_register.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-09-24T00:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "tags": [ "x_refsource_MISC" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "tags": [ "x_refsource_MISC" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/TinyWebGallery-1.8.3" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-3810", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TinyWebGallery (TWG) 1.8.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by i_frames/i_register.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", "refsource": "MISC", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/TinyWebGallery-1.8.3", "refsource": "MISC", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/TinyWebGallery-1.8.3" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-3810", "datePublished": "2011-09-24T00:00:00Z", "dateReserved": "2011-09-23T00:00:00Z", "dateUpdated": "2024-09-16T18:33:39.998Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4166 (GCVE-0-2006-4166)
Vulnerability from cvelistv5
Published
2006-08-16 21:00
Modified
2024-08-07 18:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the image parameter to (1) image.php or (2) image.php2.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:57:46.353Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060816 Re: TinyWebGallery v1.5 ( image ) Remote Include Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/443353/100/0/threaded" }, { "name": "20060810 TinyWebGallery v1.5 ( image ) Remote Include Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/442818/100/0/threaded" }, { "name": "1393", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1393" }, { "name": "1016682", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016682" }, { "name": "tinywebgallery-image-file-include(28317)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28317" }, { "name": "20060904 Re: TinyWebGallery v1.5 ( image ) Remote Include Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/445089/100/0/threaded" }, { "name": "2158", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/2158" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-09T00:00:00", "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the image parameter to (1) image.php or (2) image.php2." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060816 Re: TinyWebGallery v1.5 ( image ) Remote Include Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/443353/100/0/threaded" }, { "name": "20060810 TinyWebGallery v1.5 ( image ) Remote Include Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/442818/100/0/threaded" }, { "name": "1393", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1393" }, { "name": "1016682", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016682" }, { "name": "tinywebgallery-image-file-include(28317)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28317" }, { "name": "20060904 Re: TinyWebGallery v1.5 ( image ) Remote Include Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/445089/100/0/threaded" }, { "name": "2158", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/2158" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4166", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and earlier allows remote attackers to execute arbitrary PHP code via 
a URL in the image parameter to (1) image.php or (2) image.php2." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060816 Re: TinyWebGallery v1.5 ( image ) Remote Include Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/443353/100/0/threaded" }, { "name": "20060810 TinyWebGallery v1.5 ( image ) Remote Include Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/442818/100/0/threaded" }, { "name": "1393", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1393" }, { "name": "1016682", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016682" }, { "name": "tinywebgallery-image-file-include(28317)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28317" }, { "name": "20060904 Re: TinyWebGallery v1.5 ( image ) Remote Include Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/445089/100/0/threaded" }, { "name": "2158", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/2158" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4166", "datePublished": "2006-08-16T21:00:00", "dateReserved": "2006-08-16T00:00:00", "dateUpdated": "2024-08-07T18:57:46.353Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2931 (GCVE-0-2012-2931)
Vulnerability from cvelistv5
Published
2020-01-09 20:56
Modified
2024-08-06 19:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:50:05.082Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.htbridge.com/advisory/HTB23093" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-06-13T00:00:00", "descriptions": [ { "lang": "en", "value": "PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-09T20:56:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.htbridge.com/advisory/HTB23093" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-2931", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.htbridge.com/advisory/HTB23093", "refsource": "MISC", "url": "https://www.htbridge.com/advisory/HTB23093" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-2931", "datePublished": "2020-01-09T20:56:12", "dateReserved": "2012-05-23T00:00:00", "dateUpdated": "2024-08-06T19:50:05.082Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2930 (GCVE-0-2012-2930)
Vulnerability from cvelistv5
Published
2015-04-24 14:00
Modified
2024-08-06 19:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers.php via the user parameter to admin/index.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:50:05.234Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.tinywebgallery.com/forum/web-photo-gallery-news-f14/twg-1-8-8-is-available-t3274.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.htbridge.com/advisory/HTB23093" }, { "name": "82961", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/show/osvdb/82961" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-06-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers.php via the user parameter to admin/index.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-24T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.tinywebgallery.com/forum/web-photo-gallery-news-f14/twg-1-8-8-is-available-t3274.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.htbridge.com/advisory/HTB23093" }, { "name": "82961", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/show/osvdb/82961" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-2930", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers.php via the user parameter to admin/index.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.tinywebgallery.com/forum/web-photo-gallery-news-f14/twg-1-8-8-is-available-t3274.html", "refsource": "CONFIRM", "url": "http://www.tinywebgallery.com/forum/web-photo-gallery-news-f14/twg-1-8-8-is-available-t3274.html" }, { "name": "https://www.htbridge.com/advisory/HTB23093", "refsource": "MISC", "url": "https://www.htbridge.com/advisory/HTB23093" }, { "name": "82961", "refsource": "OSVDB", "url": "http://osvdb.org/show/osvdb/82961" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-2930", "datePublished": "2015-04-24T14:00:00", "dateReserved": "2012-05-23T00:00:00", "dateUpdated": "2024-08-06T19:50:05.234Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-1911 (GCVE-0-2009-1911)
Vulnerability from cvelistv5
Published
2009-06-04 16:00
Modified
2024-08-07 05:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery (TWG) 1.7.6 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to admin/index.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:27:54.931Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "35060", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35060" }, { "name": "20090510 TinyWebGallery \u003c= 1.7.6 LFI / Remote Code Execution Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/503396/100/0/threaded" }, { "name": "35020", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35020" }, { "name": "tinywebgallery-init-file-include(50408)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50408" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.tinywebgallery.com/forum/viewtopic.php?t=1653" }, { "name": "34892", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34892" }, { "name": "8649", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/8649" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-05-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery (TWG) 1.7.6 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to admin/index.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "35060", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35060" }, { "name": "20090510 TinyWebGallery \u003c= 1.7.6 LFI / Remote Code Execution Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/503396/100/0/threaded" }, { "name": "35020", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35020" }, { "name": "tinywebgallery-init-file-include(50408)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50408" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.tinywebgallery.com/forum/viewtopic.php?t=1653" }, { "name": "34892", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34892" }, { "name": "8649", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/8649" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1911", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery (TWG) 1.7.6 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to admin/index.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "35060", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35060" }, { "name": "20090510 TinyWebGallery \u003c= 1.7.6 LFI / Remote Code Execution Exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/503396/100/0/threaded" }, { "name": "35020", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35020" }, { "name": "tinywebgallery-init-file-include(50408)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50408" }, { "name": "http://www.tinywebgallery.com/forum/viewtopic.php?t=1653", "refsource": "CONFIRM", "url": "http://www.tinywebgallery.com/forum/viewtopic.php?t=1653" }, { "name": "34892", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34892" }, { "name": "8649", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/8649" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1911", "datePublished": "2009-06-04T16:00:00", "dateReserved": "2009-06-04T00:00:00", "dateUpdated": "2024-08-07T05:27:54.931Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-4958 (GCVE-0-2007-4958)
Vulnerability from cvelistv5
Published
2007-09-18 22:00
Modified
2024-08-07 15:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) 1.6.3.4 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) index.php, (2) i_frames/i_login.php, and (3) i_frames/i_top_tags.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:17:27.645Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2007-3186", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3186" }, { "name": "26841", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26841" }, { "name": "25689", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25689" }, { "name": "tinywebgallery-multiple-scripts-xss(36644)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36644" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-09-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) 1.6.3.4 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) index.php, (2) i_frames/i_login.php, and (3) i_frames/i_top_tags.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2007-3186", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3186" }, { "name": "26841", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26841" }, { "name": "25689", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25689" }, { "name": "tinywebgallery-multiple-scripts-xss(36644)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36644" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4958", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) 1.6.3.4 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) index.php, (2) i_frames/i_login.php, and (3) i_frames/i_top_tags.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2007-3186", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3186" }, { "name": "26841", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26841" }, { "name": "25689", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25689" }, { "name": "tinywebgallery-multiple-scripts-xss(36644)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36644" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4958", "datePublished": "2007-09-18T22:00:00", "dateReserved": "2007-09-18T00:00:00", "dateUpdated": "2024-08-07T15:17:27.645Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-2631 (GCVE-0-2013-2631)
Vulnerability from cvelistv5
Published
2020-02-03 14:46
Modified
2024-08-06 15:44
CWE
- n/a
Summary
TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure vulnerability which allows remote attackers to obtain sensitive information through the parameters "twg_browserx" and "twg_browsery" in the page image.php.
References
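URL | Tags
---|---
https://www.isecauditors.com/advisories-2013#2013-012 | x_refsource_MISC
https://packetstormsecurity.com/files/121128/TinyWebGallery-1.8.9-Path-Disclosure.html | x_refsource_MISC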
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:44:32.648Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.isecauditors.com/advisories-2013#2013-012" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/121128/TinyWebGallery-1.8.9-Path-Disclosure.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-04-06T00:00:00", "descriptions": [ { "lang": "en", "value": "TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure vulnerability which allows remote attackers to obtain sensitive information through the parameters \"twg_browserx\" and \"twg_browsery\" in the page image.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-03T14:46:45", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.isecauditors.com/advisories-2013#2013-012" }, { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/121128/TinyWebGallery-1.8.9-Path-Disclosure.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2631", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure vulnerability which allows remote attackers to obtain sensitive 
information through the parameters \"twg_browserx\" and \"twg_browsery\" in the page image.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.isecauditors.com/advisories-2013#2013-012", "refsource": "MISC", "url": "https://www.isecauditors.com/advisories-2013#2013-012" }, { "name": "https://packetstormsecurity.com/files/121128/TinyWebGallery-1.8.9-Path-Disclosure.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/121128/TinyWebGallery-1.8.9-Path-Disclosure.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-2631", "datePublished": "2020-02-03T14:46:45", "dateReserved": "2013-03-19T00:00:00", "dateUpdated": "2024-08-06T15:44:32.648Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-5347 (GCVE-0-2012-5347)
Vulnerability from cvelistv5
Published
2012-10-09 15:00
Modified
2024-08-06 21:05
CWE
- n/a
Summary
TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code via shell metacharacters in the command parameter to (1) inc/filefunctions.inc or (2) info.php.
References
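URL | Tags
---|---
http://www.exploit-db.com/exploits/18322 | exploit, x_refsource_EXPLOIT-DB
http://www.osvdb.org/82481 | vdb-entry, x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/72157 | vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/51325 | vdb-entry, x_refsource_BID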
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:46.710Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "18322", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/18322" }, { "name": "82481", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/82481" }, { "name": "tinywebgallery-multiple-command-execution(72157)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72157" }, { "name": "51325", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/51325" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-01-06T00:00:00", "descriptions": [ { "lang": "en", "value": "TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code via shell metacharacters in the command parameter to (1) inc/filefunctions.inc or (2) info.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "18322", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/18322" }, { "name": "82481", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/82481" }, { "name": "tinywebgallery-multiple-command-execution(72157)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72157" }, { "name": "51325", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/51325" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5347", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code via shell metacharacters in the command parameter to (1) inc/filefunctions.inc or (2) info.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "18322", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/18322" }, { "name": "82481", "refsource": "OSVDB", "url": "http://www.osvdb.org/82481" }, { "name": "tinywebgallery-multiple-command-execution(72157)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72157" }, { "name": "51325", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51325" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5347", "datePublished": "2012-10-09T15:00:00", "dateReserved": "2012-10-09T00:00:00", "dateUpdated": "2024-08-06T21:05:46.710Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2932 (GCVE-0-2012-2932)
Vulnerability from cvelistv5
Published
2015-04-24 14:00
Modified
2024-08-06 19:50
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the selitems[] parameter in a (1) copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to admin/index.php.
References
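URL | Tags
---|---
http://www.tinywebgallery.com/forum/web-photo-gallery-news-f14/twg-1-8-8-is-available-t3274.html | x_refsource_CONFIRM
https://www.htbridge.com/advisory/HTB23093 | x_refsource_MISC
http://www.securityfocus.com/bid/54019 | vdb-entry, x_refsource_BID
http://osvdb.org/82962 | vdb-entry, x_refsource_OSVDB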
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:50:04.807Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.tinywebgallery.com/forum/web-photo-gallery-news-f14/twg-1-8-8-is-available-t3274.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.htbridge.com/advisory/HTB23093" }, { "name": "54019", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/54019" }, { "name": "82962", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/82962" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-06-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the selitems[] parameter in a (1) copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to admin/index.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-29T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.tinywebgallery.com/forum/web-photo-gallery-news-f14/twg-1-8-8-is-available-t3274.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.htbridge.com/advisory/HTB23093" }, { "name": "54019", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/54019" }, { "name": "82962", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/82962" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-2932", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the selitems[] parameter in a (1) copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to admin/index.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.tinywebgallery.com/forum/web-photo-gallery-news-f14/twg-1-8-8-is-available-t3274.html", "refsource": "CONFIRM", "url": "http://www.tinywebgallery.com/forum/web-photo-gallery-news-f14/twg-1-8-8-is-available-t3274.html" }, { "name": "https://www.htbridge.com/advisory/HTB23093", "refsource": "MISC", "url": "https://www.htbridge.com/advisory/HTB23093" }, { "name": "54019", "refsource": "BID", "url": "http://www.securityfocus.com/bid/54019" }, { "name": "82962", "refsource": "OSVDB", "url": "http://osvdb.org/82962" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-2932", "datePublished": "2015-04-24T14:00:00", "dateReserved": "2012-05-23T00:00:00", "dateUpdated": "2024-08-06T19:50:04.807Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-16635 (GCVE-0-2017-16635)
Vulnerability from cvelistv5
Published
2017-11-06 22:00
Modified
2024-08-05 20:27
CWE
- n/a
Summary
In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the `TWG Explorer` item listing. The request method to inject is POST and the attack vector is located on the application-side of the service. The injection point is the add/create input field and the execution point occurs in the item listing after the add or create.
References
URL | Tags
---|---
https://www.vulnerability-lab.com/get_content.php?id=1997 | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:27:04.357Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.vulnerability-lab.com/get_content.php?id=1997" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the `TWG Explorer` item listing. The request method to inject is POST and the attack vector is located on the application-side of the service. The injection point is the add/create input field and the execution point occurs in the item listing after the add or create." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-06T22:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.vulnerability-lab.com/get_content.php?id=1997" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16635", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the `TWG Explorer` item listing. The request method to inject is POST and the attack vector is located on the application-side of the service. The injection point is the add/create input field and the execution point occurs in the item listing after the add or create." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.vulnerability-lab.com/get_content.php?id=1997", "refsource": "MISC", "url": "https://www.vulnerability-lab.com/get_content.php?id=1997" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-16635", "datePublished": "2017-11-06T22:00:00", "dateReserved": "2017-11-06T00:00:00", "dateUpdated": "2024-08-05T20:27:04.357Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2017-11-06 22:29
Modified
2025-04-20 01:37
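Severity
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3.5 (Low) - CVSS 2.0 AV:N/AC:M/Au:S/C:N/I:P/A:N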
Summary
In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the `TWG Explorer` item listing. The request method to inject is POST and the attack vector is located on the application-side of the service. The injection point is the add/create input field and the execution point occurs in the item listing after the add or create.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.vulnerability-lab.com/get_content.php?id=1997 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.vulnerability-lab.com/get_content.php?id=1997 | Issue Tracking, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tinywebgallery | tinywebgallery | 2.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "C41219AB-64EB-43BF-90E9-B86EB115998E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the `TWG Explorer` item listing. The request method to inject is POST and the attack vector is located on the application-side of the service. The injection point is the add/create input field and the execution point occurs in the item listing after the add or create." }, { "lang": "es", "value": "En TinyWebGallery v2.4, una vulnerabilidad XSS se localiza en los par\u00e1metros \"mkname\", \"mkitem\" e \"item\" del m\u00f3dulo \"Add/Create\". Los atacantes remotos con cuentas de usuario con pocos privilegios para el acceso backend son capaces de inyectar c\u00f3digos script maliciosos en el listado de \u00edtems \"TWG Explorer\". El m\u00e9todo de petici\u00f3n que se tendr\u00eda que inyectar es POST y el vector de ataque se sit\u00faa en el lado de la aplicaci\u00f3n del servicio. El punto de inyecci\u00f3n es el campo de entrada add/create y el punto de ejecuci\u00f3n ocurre en el listado de \u00edtems tras la adici\u00f3n o la creaci\u00f3n." 
} ], "id": "CVE-2017-16635", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-11-06T22:29:00.413", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://www.vulnerability-lab.com/get_content.php?id=1997" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://www.vulnerability-lab.com/get_content.php?id=1997" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-10-09 15:55
Modified
2025-04-11 00:51
Severity
7.5 (High) - CVSS 2.0 AV:N/AC:L/Au:N/C:P/I:P/A:P
Summary
TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code via shell metacharacters in the command parameter to (1) inc/filefunctions.inc or (2) info.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tinywebgallery | tinywebgallery | 1.8.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "52901DC2-E8EB-460C-909A-1BC860082FFF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code via shell metacharacters in the command parameter to (1) inc/filefunctions.inc or (2) info.php." }, { "lang": "es", "value": "TinyWebGallery v1.8.3 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de metacaracteres de shell en el par\u00e1metro \u0027command\u0027 a (1)info.php o (2) inc/filefunctions.inc.\r\n" } ], "id": "CVE-2012-5347", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-10-09T15:55:01.643", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/18322" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/82481" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/51325" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/18322" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://www.osvdb.org/82481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/51325" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72157" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-09-24 00:55
Modified
2025-04-11 00:51
Severity
5.0 (Medium) - CVSS 2.0 AV:N/AC:L/Au:N/C:P/I:N/A:N
Summary
TinyWebGallery (TWG) 1.8.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by i_frames/i_register.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tinywebgallery | tinywebgallery | 1.8.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "52901DC2-E8EB-460C-909A-1BC860082FFF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TinyWebGallery (TWG) 1.8.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by i_frames/i_register.php." }, { "lang": "es", "value": "TinyWebGallery (TWG) v1.8.3 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n directa a un archivo .php, lo que revela la ruta de instalaci\u00f3n en un mensaje de error, como se demostr\u00f3 con i_frames/i_register.php." } ], "id": "CVE-2011-3810", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-09-24T00:55:03.613", "references": [ { "source": "cve@mitre.org", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "source": "cve@mitre.org", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/TinyWebGallery-1.8.3" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/TinyWebGallery-1.8.3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-06-04 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery (TWG) 1.7.6 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to admin/index.php.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA7075F8-B97F-4B8D-8BB4-A4990FFA1604", "versionEndIncluding": "1.7.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DC860783-7018-4421-8ACE-6F6C522E41DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "21630514-7C0A-4B74-8E3A-4F32F9366EAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "C5E4CEDD-095B-40E1-9AD5-419CC63CAA50", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "50C5722B-0221-4CE2-84E9-C4A6007DFB5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "634AAE01-C70F-4B79-9FFB-E902AED7A6DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.02:*:*:*:*:*:*:*", "matchCriteriaId": "0D2F0E0E-D32E-49C0-8710-B93E9D825925", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "91115B08-3533-4027-B80A-3CDFDC38A915", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "CFE1A1DE-DD29-4A96-B483-1CA2B5AA59F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.03:*:*:*:*:*:*:*", "matchCriteriaId": "1F0C7694-9978-4F85-8B81-A5AA558780BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.3a:*:*:*:*:*:*:*", "matchCriteriaId": "26CDEB37-98C9-42AD-BC50-415FEF0E5943", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.3b:*:*:*:*:*:*:*", "matchCriteriaId": "C5A20998-E0B8-4AA4-9525-16451E163EDC", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:tinywebgallery:tinywebgallery:1.3c:*:*:*:*:*:*:*", "matchCriteriaId": "4F8E7335-EEA2-42AB-BFB3-D2F00303419F", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.04:*:*:*:*:*:*:*", "matchCriteriaId": "D3EE4A5E-DE0F-45E1-8950-53A1C35AEF15", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "FEF8C28C-3AE4-4031-949A-B120097B93EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "08EB1FD6-A790-40D0-A931-EAD9983D983C", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D3E6D0D3-10F2-4D8C-BC26-BA4AB513B33B", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "16028F35-AE2B-4C10-96C5-8C3ABBD59B25", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "372DA1CA-691A-4510-9ECE-86B4914ABE15", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E99F2224-6DF4-4E8F-B5AD-6D474C4F27D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "99C0289F-F5D6-46D1-9D5F-4BBB7762E396", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "864C47CE-7BE4-4927-83F1-F563C3E12034", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "04274BC9-E353-4FD9-8BB6-7F431453B95C", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "A9BA5727-3AD1-4169-8E94-231BD2CAFD24", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.05:*:*:*:*:*:*:*", "matchCriteriaId": 
"73AD8BD9-03BB-4E89-9D4D-50D095C38F28", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "7468212F-EB58-4E20-888B-679D4242AC6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.5.0.1_15.08.2006:*:*:*:*:*:*:*", "matchCriteriaId": "9D00E3AF-4649-4AE6-AD50-1166BC89FC93", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.5.0.2_17.08.2006:*:*:*:*:*:*:*", "matchCriteriaId": "4B0E1423-82D3-42E8-B90E-E0A2DECF9948", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.5.1_03.09.2006:*:*:*:*:*:*:*", "matchCriteriaId": "511C256A-649F-47AD-88A7-4DF6CCAB4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.5.2.1_20.09.2006_1000:*:*:*:*:*:*:*", "matchCriteriaId": "A35930C6-663F-49A8-9C05-5F9CC985ABE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.5.2.2_21.09.2006_1000:*:*:*:*:*:*:*", "matchCriteriaId": "19C91295-E4A9-45B8-916F-7A34BF553611", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.5.2_17.09.2006_1000:*:*:*:*:*:*:*", "matchCriteriaId": "0028B129-B45A-46A8-BD09-D3F8B383B9C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.5.3.1_11.10.2006_1000:*:*:*:*:*:*:*", "matchCriteriaId": "A1B7DE42-BE41-4827-966F-BFE294CD9F03", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.5.3.2_12.10.2006_1000:*:*:*:*:*:*:*", "matchCriteriaId": "2D2C36F4-9F45-4E37-923A-5A3650132997", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.5.3_08.10.2006_1000:*:*:*:*:*:*:*", "matchCriteriaId": "F324A21B-69A7-4618-BB0B-0A5BF85A8655", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.5.4_13.10.2006:*:*:*:*:*:*:*", "matchCriteriaId": "B2772FF4-E46F-4859-B7B1-BA1E2966BEBA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:tinywebgallery:tinywebgallery:1.5.5_30.10.2006_2200:*:*:*:*:*:*:*", "matchCriteriaId": "660D356C-164C-47DA-8DB4-9E45DD876FED", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "080E4F0F-16E8-402F-9A11-2326469D65C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "FEC23AAE-37F6-4842-9BB7-E46BB6348B1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "48F8B14D-F020-4C93-A9A6-EEBF14A910B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "2FFFABF7-960A-4BB9-BCCC-C7CB4FCEA946", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.6.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "09EE1C8F-F520-4E77-BF1E-CDFC4F33FD5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "FB1A7E5B-A04E-48E2-8761-11C8661C1D3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "8412E8AF-BDB8-4DCF-AFEA-E3E69F37DC0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.7.2-18.04.2008:*:*:*:*:*:*:*", "matchCriteriaId": "9B77756A-09FA-4B82-BF4F-FB15EEB66F2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.7.3-12.05.2008:*:*:*:*:*:*:*", "matchCriteriaId": "153B15B9-280D-437A-B605-73879A0A1CCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.7.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "12116393-BFD8-473F-956F-5F6C0B27C63D", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.7.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "363CC2F1-493E-42EB-ABF5-AECBBAEE64DA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:tinywebgallery:tinywebgallery:1.7.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "1591D7EE-1188-4EF4-8271-00B1F54EC92A", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "6546FC7A-5392-4741-B942-EACC360C958D", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E0B254B-F9CF-4484-B7BE-331D009DDDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.7.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3CCB8A7-BA0E-46AF-90FC-C2AE98A570F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.7.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "754912C5-01EF-4F98-9AF7-FFC4FEC5A5C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.7.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "1E3FAC1D-008A-4088-86EC-8A96DBDA8614", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.7.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "0EFCC874-3498-4F1A-8B51-DCA83B4C2B80", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "38D8EFE9-B6A9-44BC-9041-2E1CCE8FB520", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.7.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "D30C4A2A-6759-474C-82EC-FFD97BFCEA1A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:claudio_klingler:quixplorer:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE67329A-7862-470A-AF78-DA135587E442", "versionEndIncluding": "2.3.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:claudio_klingler:quixplorer:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "354BBE12-96AA-4F3C-8B51-CFE80E4808D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:claudio_klingler:quixplorer:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "9FCFC487-FDA2-4D26-8140-1F16BAA7A658", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:claudio_klingler:quixplorer:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B19E0034-0B67-4A71-83E8-98A148FF89F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:claudio_klingler:quixplorer:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "F06FAD64-5233-44BB-9FDA-ED019967B7D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:claudio_klingler:quixplorer:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E9541428-5609-43FE-BF9B-49414E64D0B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:claudio_klingler:quixplorer:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "1AE410E3-E0AB-4C47-AB4A-7290460BB9BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:claudio_klingler:quixplorer:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CF42BE37-1569-4D22-9302-B1F5AB12C0B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:claudio_klingler:quixplorer:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DFF152CB-58C1-4B9A-87E0-16A7E9EFF7EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:claudio_klingler:quixplorer:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "83892CE6-D168-4B03-94C8-CE167326FA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:claudio_klingler:quixplorer:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "3907B16C-0DEC-40AE-BB6F-5E6317E083BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:claudio_klingler:quixplorer:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D221E893-172F-49F7-BA83-149F88BADB7C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery (TWG) 1.7.6 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to admin/index.php." 
}, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en .include/init.php (tambi\u00e9n conocido como admin/_include/init.php) en QuiXplorer v2.3.2 y anteriores, utilizado en TinyWebGallery v1.7.6 y anteriores, permite a los atacantes remotos, incluir y ejecutar arbitrariamente archivos locales a trav\u00e9s de ..(punto punto) en el par\u00e1metro \"lang\" para admin/index.php." } ], "id": "CVE-2009-1911", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-06-04T16:30:00.467", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35020" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35060" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/503396/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/34892" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.tinywebgallery.com/forum/viewtopic.php?t=1653" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50408" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/8649" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35020" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35060" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/503396/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/34892" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.tinywebgallery.com/forum/viewtopic.php?t=1653" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50408" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/8649" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2006-4166)
Published
2006-08-16 22:04
Modified
2025-04-03 01:03
Severity ?
Summary
PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the image parameter to (1) image.php or (2) image.php2.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tinywebgallery | tinywebgallery | * | |
tinywebgallery | tinywebgallery | 1.3 | |
tinywebgallery | tinywebgallery | 1.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:*:*:*:*:*:*:*:*", "matchCriteriaId": "706C4750-36F2-4D9D-822F-A174D90A3BE5", "versionEndIncluding": "1.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "CFE1A1DE-DD29-4A96-B483-1CA2B5AA59F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "FEF8C28C-3AE4-4031-949A-B120097B93EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the image parameter to (1) image.php or (2) image.php2." }, { "lang": "es", "value": "Vulnerabilidad de inclusi\u00f3n remota de archivo en PHP en TinyWebGallery 1.5 y anteriores permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante una URL en el par\u00e1metro image de (1) image.php o (2) image.php2." 
} ], "id": "CVE-2006-4166", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-08-16T22:04:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1393" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1016682" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/442818/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/443353/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/445089/100/0/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28317" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/2158" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1393" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1016682" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/442818/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/443353/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/445089/100/0/threaded" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28317" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/2158" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2012-2931)
Published
2020-01-09 21:15
Modified
2024-11-21 01:39
Severity ?
Summary
PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.htbridge.com/advisory/HTB23093 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.htbridge.com/advisory/HTB23093 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tinywebgallery | tinywebgallery | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FB70CA2-CEAE-444D-9680-C3F68983B42D", "versionEndExcluding": "1.8.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file." }, { "lang": "es", "value": "Una inyecci\u00f3n de c\u00f3digo PHP en TinyWebGallery versiones anteriores a 1.8.8, permite a usuarios autenticados remotos con privilegios de administrador inyectar c\u00f3digo arbitrario en el archivo .htusers.php." } ], "id": "CVE-2012-2931", "lastModified": "2024-11-21T01:39:57.990", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-09T21:15:11.123", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third 
Party Advisory" ], "url": "https://www.htbridge.com/advisory/HTB23093" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.htbridge.com/advisory/HTB23093" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2007-4958)
Published
2007-09-18 22:17
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) 1.6.3.4 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) index.php, (2) i_frames/i_login.php, and (3) i_frames/i_top_tags.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tinywebgallery | tinywebgallery | 1.6.3.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.6.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "09EE1C8F-F520-4E77-BF1E-CDFC4F33FD5B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) 1.6.3.4 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) index.php, (2) i_frames/i_login.php, and (3) i_frames/i_top_tags.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en TinyWebGallery (TWG) 1.6.3.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante un URI a (1) index.php, (2) i_frames/i_login.php, y (3) i_frames/i_top_tags.php. NOTA: la procedencia de esta informaci\u00f3n es desconocida; los detalles se han obtenido de informaci\u00f3n de terceros." 
} ], "id": "CVE-2007-4958", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-09-18T22:17:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26841" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25689" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3186" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36644" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26841" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25689" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3186" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36644" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2006-1802)
Published
2006-04-18 10:02
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in index.php in TinyWebGallery 1.3 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the twg_album parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tinywebgallery | tinywebgallery | 1.3 | |
tinywebgallery | tinywebgallery | 1.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "CFE1A1DE-DD29-4A96-B483-1CA2B5AA59F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "FEF8C28C-3AE4-4031-949A-B120097B93EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in index.php in TinyWebGallery 1.3 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the twg_album parameter." } ], "id": "CVE-2006-1802", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-18T10:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19660" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/717" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/431069/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/436451/30/4560/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17536" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1369" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/25831" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/717" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/431069/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/436451/30/4560/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17536" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25831" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2012-2932)
Published
2015-04-24 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
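Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the selitems[] parameter in a (1) copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to admin/index.php. Note (not part of the CVE text): the CPE configuration in the record below ends at 1.8.6 inclusive, while this description covers every release before 1.8.8, so version matching based only on the CPE range can miss an affected install newer than 1.8.6.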
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tinywebgallery | tinywebgallery | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7F95205-59EF-4FE7-8738-ACA45FAAB3D2", "versionEndIncluding": "1.8.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the selitems[] parameter in a (1) copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to admin/index.php." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en TinyWebGallery (TWG) en versiones anteriores a 1.8.8 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro selitems[] en una acci\u00f3n (1) copy, (2) chmod o (3) arch en admin/index.php o el par\u00e1metro (4) searchitem en una acci\u00f3n search en admin/index.php." 
} ], "id": "CVE-2012-2932", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-04-24T14:59:03.797", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/82962" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/54019" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.tinywebgallery.com/forum/web-photo-gallery-news-f14/twg-1-8-8-is-available-t3274.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://www.htbridge.com/advisory/HTB23093" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/82962" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/54019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.tinywebgallery.com/forum/web-photo-gallery-news-f14/twg-1-8-8-is-available-t3274.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://www.htbridge.com/advisory/HTB23093" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2013-2631)
Published
2020-02-03 15:15
Modified
2024-11-21 01:52
Severity ?
Summary
TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure vulnerability which allows remote attackers to obtain sensitive information through the parameters "twg_browserx" and "twg_browsery" in the page image.php.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://packetstormsecurity.com/files/121128/TinyWebGallery-1.8.9-Path-Disclosure.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://www.isecauditors.com/advisories-2013#2013-012 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/121128/TinyWebGallery-1.8.9-Path-Disclosure.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.isecauditors.com/advisories-2013#2013-012 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tinywebgallery | tinywebgallery | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:*:*:*:*:*:*:*:*", "matchCriteriaId": "900F338B-B170-457A-BFC6-07ACEF6C0555", "versionEndIncluding": "1.8.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure vulnerability which allows remote attackers to obtain sensitive information through the parameters \"twg_browserx\" and \"twg_browsery\" in the page image.php." }, { "lang": "es", "value": "TinyWebGallery (TWG) versiones 1.8.9 y anteriores, contienen una vulnerabilidad de divulgaci\u00f3n de ruta completa que permite a atacantes remotos obtener informaci\u00f3n confidencial por medio de los par\u00e1metros \"twg_browserx\" y \"twg_browsery\" en la p\u00e1gina image.php." } ], "id": "CVE-2013-2631", "lastModified": "2024-11-21T01:52:04.800", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": 
"Primary" } ] }, "published": "2020-02-03T15:15:11.273", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/121128/TinyWebGallery-1.8.9-Path-Disclosure.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.isecauditors.com/advisories-2013#2013-012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/121128/TinyWebGallery-1.8.9-Path-Disclosure.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.isecauditors.com/advisories-2013#2013-012" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2012-2930)
Published
2015-04-24 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
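Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers.php via the user parameter to admin/index.php. Note (not part of the CVE text): the CPE configuration in the record below ends at 1.8.6 inclusive, while this description covers every release before 1.8.8, so version matching based only on the CPE range can miss an affected install newer than 1.8.6.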
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tinywebgallery | tinywebgallery | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tinywebgallery:tinywebgallery:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7F95205-59EF-4FE7-8738-ACA45FAAB3D2", "versionEndIncluding": "1.8.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers.php via the user parameter to admin/index.php." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de CSRF en TinyWebGallery (TWG) anterior a 1.8.8 permiten a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para solicitudes que (1) a\u00f1aden un usuario a trav\u00e9s de una acci\u00f3n adduser en admin/index.php o (2) realizan ataques de inyecci\u00f3n de c\u00f3digo PHP est\u00e1tico en .htusers.php a trav\u00e9s del par\u00e1metro user en admin/index.php." 
} ], "id": "CVE-2012-2930", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-04-24T14:59:01.313", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/show/osvdb/82961" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.tinywebgallery.com/forum/web-photo-gallery-news-f14/twg-1-8-8-is-available-t3274.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://www.htbridge.com/advisory/HTB23093" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/show/osvdb/82961" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.tinywebgallery.com/forum/web-photo-gallery-news-f14/twg-1-8-8-is-available-t3274.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://www.htbridge.com/advisory/HTB23093" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }