Cross-Site Request Forgery Vulnerabilities in TinyWebGallery by TinyWebGallery
CVE-2012-2930

Currently unrated

Key Information:

Vendor: Tinywebgallery
Status: Tinywebgallery
Vendor: CVE Published:; 24 April 2015

🔔 Create Tinywebgallery Vulnerability Alert

What is CVE-2012-2930?

TinyWebGallery versions prior to 1.8.8 are susceptible to multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities enable attackers to exploit the authentication tokens of administrators, facilitating unauthorized actions such as adding users through admin functionality or executing static PHP code injection attacks via the .htusers.php file. This poses a significant security risk, allowing malicious actors to manipulate administrative capabilities without valid authentication.

References

http://www.tinywebgallery.com/forum/web-photo-gallery-new...

x_refsource_CONFIRM

https://www.htbridge.com/advisory/HTB23093

x_refsource_MISC

http://osvdb.org/show/osvdb/82961

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2015
Vulnerability Reserved
May 23, 2012

JSON