Information Disclosure in TinyWebGallery by TinyWebGallery
CVE-2011-3810

Currently unrated

Key Information:

Vendor: Tinywebgallery
Status: Tinywebgallery
Vendor: CVE Published:; 24 September 2011

🔔 Create Tinywebgallery Vulnerability Alert

What is CVE-2011-3810?

TinyWebGallery version 1.8.3 is susceptible to an information disclosure vulnerability that allows remote attackers to access sensitive information. By sending a direct request to specific .php files, attackers can trigger error messages that reveal crucial details about the installation path. For instance, accessing i_frames/i_register.php exposes sensitive path information, which could help attackers in escalating their threat to the system. This highlights the importance of securing web applications against such disclosure vulnerabilities.

References

http://www.openwall.com/lists/oss-security/2011/06/27/6

mailing-listx_refsource_MLIST

http://code.google.com/p/inspathx/source/browse/trunk/pat...

x_refsource_MISC

http://code.google.com/p/inspathx/source/browse/trunk/pat...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 24, 2011

JSON