CVE-2012-2932

CVE-2012-2932 affects TinyWebGallery (TWG) prior to 1.8.8. The vulnerabilities include: XSS via the selitems[] parameter for admin/index.php actions copy, chmod, or arch, and via the searchitem parameter for the search action; and related issues involving input returned to the administrator’s bro...

Multiple vulnerabilities in TinyWebGallery

Advisory ID: HTB23093 Product: TinyWebGallery Vendor: www.tinywebgallery.com Vulnerable Versions: 1.8.7 and probably prior Tested Version: 1.8.7 Vendor Notification: 23 May 2012 Vendor Patch: 24 May 2012 Public Disclosure: 13 June 2012 Vulnerability Type: Сross-Site Request Forgery CSRF, Arbitrar...