TinyWebGallery (TWG) 1.8.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by i_frames/i_register.php.
CPE | Name | Operator | Version |
---|---|---|---|
tinywebgallery | eq | 1.8.3 |