Lucene search

[email protected]CVE-2012-2930

HistoryApr 24, 2015 - 2:59 p.m.

CVE-2012-2930

2015-04-2414:59:00

CWE-352

[email protected]

web.nvd.nist.gov

csrf

tinywebgallery

twg

vulnerability

admin authentication

nvd

7.8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.4%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers.php via the user parameter to admin/index.php.

CPENameOperatorVersion
tinywebgallery:tinywebgallerytinywebgalleryle1.8.6

CPE	Name	Operator	Version
tinywebgallery:tinywebgallery	tinywebgallery	le	1.8.6

References

osvdb.org/show/osvdb/82961

www.tinywebgallery.com/forum/web-photo-gallery-news-f14/twg-1-8-8-is-available-t3274.html

www.htbridge.com/advisory/HTB23093

7.8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.4%

JSON

Related for CVE-2012-2930

prion1 cvelist1 securityvulns2 htbridge1