2 matches found
CVE-2009-1911
Directory traversal vulnerability in .include/init.php aka admin/include/init.php in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery TWG 1.7.6 and earlier, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the lang parameter to admin/index.php...
TinyWebGallery/QuiXplorer Local File Include Vulnerability
TinyWebGallery and QuiXplorer are prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks...