Vulnerabilities > Tinywebgallery > High

DATE CVE VULNERABILITY TITLE RISK
2018-04-25 CVE-2014-5014 Command Injection vulnerability in Tinywebgallery Wordpress Flash Uploader
The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path.
network
low complexity
tinywebgallery CWE-77
7.5
7.5
2012-10-09 CVE-2012-5347 Remote Command Execution vulnerability in Tinywebgallery 1.8.3
TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code via shell metacharacters in the command parameter to (1) inc/filefunctions.inc or (2) info.php.
network
low complexity
tinywebgallery
7.5
7.5
2006-08-16 CVE-2006-4166 Remote Security vulnerability in Tinywebgallery
PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the image parameter to (1) image.php or (2) image.php2.
network
low complexity
tinywebgallery
7.5
7.5