CVE-2023-53939
- EPSS 0.04%
- Published 18.12.2025 19:53:34
- Last modified 24.12.2025 16:46:55
TinyWebGallery v2.5 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the folder name parameter. Attackers can edit album folder names with script tags to execute arbitrary Ja...
CVE-2023-53922
- EPSS 1.97%
- Published 17.12.2025 22:44:53
- Last modified 24.12.2025 16:50:20
TinyWebGallery v2.5 contains a remote code execution vulnerability in the admin upload functionality that allows unauthenticated attackers to upload malicious PHP files. Attackers can upload .phar files with embedded system commands to execute arbitr...
CVE-2013-2631
- EPSS 0.29%
- Published 03.02.2020 15:15:11
- Last modified 21.11.2024 01:52:04
TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure vulnerability which allows remote attackers to obtain sensitive information through the parameters "twg_browserx" and "twg_browsery" in the page image.php.
CVE-2012-2931
- EPSS 0.94%
- Published 09.01.2020 21:15:11
- Last modified 21.11.2024 01:39:57
PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file.
CVE-2017-16635
- EPSS 0.25%
- Published 06.11.2017 22:29:00
- Last modified 20.04.2025 01:37:25
In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into t...
CVE-2012-2932
- EPSS 0.29%
- Published 24.04.2015 14:59:03
- Last modified 12.04.2025 10:46:40
Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the selitems[] parameter in a (1) copy, (2) chmod, or (3) arch action to admin/index.php or (4)...
CVE-2012-2930
- EPSS 0.18%
- Published 24.04.2015 14:59:01
- Last modified 12.04.2025 10:46:40
Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) con...
CVE-2012-5347
- EPSS 7.91%
- Published 09.10.2012 15:55:01
- Last modified 11.04.2025 00:51:21
TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code via shell metacharacters in the command parameter to (1) inc/filefunctions.inc or (2) info.php.
- EPSS 0.26%
- Published 24.09.2011 00:55:03
- Last modified 11.04.2025 00:51:21
TinyWebGallery (TWG) 1.8.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by i_frames/i_register.php.
CVE-2009-1911
- EPSS 9.91%
- Published 04.06.2009 16:30:00
- Last modified 09.04.2025 00:30:58
Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery (TWG) 1.7.6 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (do...