Command injection

2012-10-0915:55:00

PRIOn knowledge base

www.prio-n.com

8.5 High

AI Score

Confidence

Low

0.28 Low

EPSS

Percentile

96.9%

JSON

TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code via shell metacharacters in the command parameter to (1) inc/filefunctions.inc or (2) info.php.

CPENameOperatorVersion
tinywebgalleryeq1.8.3

CPE	Name	Operator	Version
	tinywebgallery	eq	1.8.3

References

www.osvdb.org/82481

www.securityfocus.com/bid/51325

exchange.xforce.ibmcloud.com/vulnerabilities/72157

www.exploit-db.com/exploits/18322