Directory Traversal Vulnerability in QuiXplorer Affecting TinyWebGallery
CVE-2009-1911

Currently unrated

Key Information:

Vendor: Tinywebgallery
Status: Tinywebgallery
Vendor: CVE Published:; 4 June 2009

🔔 Create Tinywebgallery Vulnerability Alert

What is CVE-2009-1911?

A directory traversal vulnerability exists in QuiXplorer versions up to 2.3.2, allowing attackers to exploit the lang parameter in admin/index.php. By manipulating the parameter to include a '..' (dot dot), remote attackers can gain access to and execute arbitrary local files, posing a significant risk to the security of systems using the affected software.

References

http://secunia.com/advisories/35060

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/archive/1/503396/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/35020

third-party-advisoryx_refsource_SECUNIA

EPSS Score

13% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 4, 2009
Vulnerability Reserved
Jun 4, 2009

JSON