CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2012-2931
https://notcve.org/view.php?id=CVE-2012-2931
09 Jan 2020 — PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file. • https://www.htbridge.com/advisory/HTB23093 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2012-2930
https://notcve.org/view.php?id=CVE-2012-2930
24 Apr 2015 — Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers.php via the user parameter to admin/index.php. • http://osvdb.org/show/osvdb/82961 • CWE-352: Cross-Site Request Forgery (CSRF)
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2012-2932
https://notcve.org/view.php?id=CVE-2012-2932
24 Apr 2015 — Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the selitems[] parameter in a (1) copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to admin/index.php. • http://osvdb.org/82962 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 3 • CVE-2013-2631 – TinyWebGallery 1.8.9 Path Disclosure
https://notcve.org/view.php?id=CVE-2013-2631
06 Apr 2013 — TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure vulnerability which allows remote attackers to obtain sensitive information through the parameters "twg_browserx" and "twg_browsery" in the page image.php. TinyWebGallery versions ... • https://packetstorm.news/files/id/121128 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS: 9.8 • EPSS: 9% • CPEs: 69 • EXPL: 2 • CVE-2009-1911 – TinyWebGallery 1.7.6 - Local File Inclusion / Remote Code Execution
https://notcve.org/view.php?id=CVE-2009-1911
04 Jun 2009 — Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery (TWG) 1.7.6 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to admin/index.php. • https://www.exploit-db.com/exploits/8649 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
