PT-2012-5942 · Tinywebgallery · Tinywebgallery
Expl0!Ts
·
Publicado
2012-10-09
·
Atualizado
2017-08-29
·
CVE-2012-5347
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
TinyWebGallery version 1.8.3
Description
The issue allows remote attackers to execute arbitrary code via shell metacharacters in the
command parameter to (1) inc/filefunctions.inc or (2) info.php.Recommendations
For TinyWebGallery version 1.8.3, consider restricting access to the
command parameter in the affected files until a patch is available. As a temporary workaround, avoid using the command parameter in the inc/filefunctions.inc and info.php files to minimize the risk of exploitation.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Tinywebgallery