PHP Remote File Inclusion Vulnerability in TinyWebGallery by TinyWebGallery
CVE-2006-4166

Currently unrated

Key Information:

Vendor: Tinywebgallery
Status: Tinywebgallery
Vendor: CVE Published:; 16 August 2006

🔔 Create Tinywebgallery Vulnerability Alert

What is CVE-2006-4166?

TinyWebGallery versions up to 1.5 are subject to a PHP remote file inclusion vulnerability that allows remote attackers to execute arbitrary PHP code. This can be achieved by manipulating the image parameter in the image.php or image.php2 files, potentially leading to unauthorized actions and security breaches on affected servers. Website administrators should take immediate steps to mitigate this risk.

References

http://www.securityfocus.com/archive/1/443353/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/archive/1/442818/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://securityreason.com/securityalert/1393

third-party-advisoryx_refsource_SREASON

EPSS Score

11% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 16, 2006
Vulnerability Reserved
Aug 16, 2006

JSON