Expl0!Ts

**Name of the Vulnerable Software and Affected Versions** TinyWebGallery version 1.8.3 **Description** The issue allows remote attackers to execute arbitrary code via shell metacharacters in the `command` parameter to (1) inc/filefunctions.inc or (2) info.php. **Recommendations** For TinyWebGallery version 1.8.3, consider restricting access to the `command` parameter in the affected files until a patch is available. As a temporary workaround, avoid using the `command` parameter in the inc/filefunctions.inc and info.php files to minimize the risk of exploitation.