Remote Code Execution Vulnerability in TinyWebGallery by TinyWebGallery
CVE-2012-5347

Currently unrated

Key Information:

Vendor: Tinywebgallery
Status: Tinywebgallery
Vendor: CVE Published:; 9 October 2012

🔔 Create Tinywebgallery Vulnerability Alert

What is CVE-2012-5347?

TinyWebGallery version 1.8.3 is susceptible to a remote code execution vulnerability that allows attackers to execute arbitrary commands through crafted input. This exploitation occurs due to unvalidated inputs being passed to the command parameters in specific files, such as inc/filefunctions.inc and info.php, enabling attackers to manipulate the system and execute unintended commands, potentially leading to a complete compromise of the affected server.

References

http://www.exploit-db.com/exploits/18322

exploitx_refsource_EXPLOIT-DB

http://www.osvdb.org/82481

vdb-entryx_refsource_OSVDB

https://exchange.xforce.ibmcloud.com/vulnerabilities/72157

vdb-entryx_refsource_XF

EPSS Score

7% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 9, 2012
Vulnerability Reserved
Oct 9, 2012

JSON