Vulnerabilities > Tinywebgallery > Tinywebgallery > 1.8.3

DATE CVE VULNERABILITY TITLE RISK
2020-02-03 CVE-2013-2631 Information Exposure vulnerability in Tinywebgallery
TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure vulnerability which allows remote attackers to obtain sensitive information through the parameters "twg_browserx" and "twg_browsery" in the page image.php.
network
low complexity
tinywebgallery CWE-200
5.0
2020-01-09 CVE-2012-2931 Injection vulnerability in Tinywebgallery
PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file.
network
low complexity
tinywebgallery CWE-74
6.5
2015-04-24 CVE-2012-2932 Cross-site Scripting vulnerability in Tinywebgallery
Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the selitems[] parameter in a (1) copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to admin/index.php.
4.3
2015-04-24 CVE-2012-2930 Cross-Site Request Forgery (CSRF) vulnerability in Tinywebgallery
Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers.php via the user parameter to admin/index.php.
6.8
2012-10-09 CVE-2012-5347 Remote Command Execution vulnerability in Tinywebgallery 1.8.3
TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code via shell metacharacters in the command parameter to (1) inc/filefunctions.inc or (2) info.php.
network
low complexity
tinywebgallery
7.5
2011-09-24 CVE-2011-3810 Information Exposure vulnerability in Tinywebgallery 1.8.3
TinyWebGallery (TWG) 1.8.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by i_frames/i_register.php.
network
low complexity
tinywebgallery CWE-200
5.0