CVE-2023-53922

TinyWebGallery v2.5 contains a remote code execution vulnerability in the admin upload functionality that allows unauthenticated attackers to upload malicious PHP files. Attackers can upload .phar files with embedded system commands to execute arbitrary code on the server by accessing the uploade...

Tiny Web Gallery 1.5 Image Parameter Multiple Remote File Include Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/19462/info Tiny Web Gallery is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary...

Tiny Web Gallery 1.5 - 'Image' Multiple Remote File Inclusions

source: https://www.securityfocus.com/bid/19462/info Tiny Web Gallery is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP...

Tiny Web Gallery 1.4 - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/17536/info Tiny Web Gallery is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in th...

Tiny Web Gallery 1.4 - index.php Cross-Site Scripting

Tiny Web Gallery 1.4 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/17536/info Tiny Web Gallery is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code...