Tinywebgallery · Tinywebgallery · CVE-2012-5347
**Name of the Vulnerable Software and Affected Versions**
TinyWebGallery version 1.8.3
**Description**
The issue allows remote attackers to execute arbitrary code via shell metacharacters in the `command` parameter to (1) inc/filefunctions.inc or (2) info.php.
**Recommendations**
For TinyWebGallery version 1.8.3, consider restricting access to the `command` parameter in the affected files until a patch is available. As a temporary workaround, avoid using the `command` parameter in the inc/filefunctions.inc and info.php files to minimize the risk of exploitation.