Path Disclosure Vulnerability in TinyWebGallery by TinyWebGallery
CVE-2013-2631

5.3MEDIUM

Key Information:

Vendor

Tinywebgallery

Status
Tinywebgallery
Vendor
CVE Published:
3 February 2020

What is CVE-2013-2631?

TinyWebGallery versions 1.8.9 and earlier are susceptible to a path disclosure vulnerability that enables remote attackers to access sensitive information. This issue arises due to improper handling of the parameters 'twg_browserx' and 'twg_browsery' in the image.php page. Exploiting this vulnerability could lead to the exposure of system paths, aiding attackers in further compromising the web application. Developers using these affected versions should apply the necessary updates to mitigate the risks associated with this vulnerability.

References

https://www.isecauditors.com/advisories-2013#2013-012
x_refsource_MISC
https://packetstormsecurity.com/files/121128/TinyWebGalle...
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.