Vulnerabilities > CVE-2012-5347 - Remote Command Execution vulnerability in Tinywebgallery 1.8.3

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
tinywebgallery
exploit available
NVD
Published: 2012-10-09
Updated: 2017-08-29

Summary

TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code via shell metacharacters in the command parameter to (1) inc/filefunctions.inc or (2) info.php.

Vulnerable Configurations

Part Description Count
Application
Tinywebgallery
1

Exploit-Db

descriptionTinyWebGallery 1.8.3 - Remote Command Execution. CVE-2012-5347. Webapps exploit for php platform
fileexploits/php/webapps/18322.txt
idEDB-ID:18322
last seen2016-02-02
modified2012-01-06
platformphp
port
published2012-01-06
reporterExpl0!Ts
sourcehttps://www.exploit-db.com/download/18322/
titleTinyWebGallery 1.8.3 - Remote Command Execution
typewebapps

References