3 matches found
CVE-2012-2931
PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file...
CVE-2012-2931
CVE-2012-2931 affects TinyWebGallery prior to 1.8.8. The vulnerability arises from unsanitized input in the admin user-creation flow: the POST parameter for user is written into .htusers.php, and a remote authenticated admin can inject arbitrary PHP code, enabling code execution via admin/index.p...
Multiple vulnerabilities in TinyWebGallery
Advisory ID: HTB23093 Product: TinyWebGallery Vendor: www.tinywebgallery.com Vulnerable Versions: 1.8.7 and probably prior Tested Version: 1.8.7 Vendor Notification: 23 May 2012 Vendor Patch: 24 May 2012 Public Disclosure: 13 June 2012 Vulnerability Type: Сross-Site Request Forgery CSRF, Arbitrar...