CVE-2012-2932

Name of the Vulnerable Software and Affected Versions TinyWebGallery versions prior to 1.8.8

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the selitems[] parameter in a copy, chmod, or arch action to "admin/index.php" or the searchitem parameter in a search action to "admin/index.php".

Recommendations For versions prior to 1.8.8, update to version 1.8.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the "admin/index.php" endpoint and avoid using the selitems[] and searchitem parameters in the affected actions until the issue is resolved.