PT-2020-7404 · Unknown · Tinywebgallery
Published
2020-02-03
·
Updated
2020-02-05
·
CVE-2013-2631
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
TinyWebGallery (TWG) versions 1.8.9 and earlier
Description:
The issue allows remote attackers to obtain sensitive information. This is achieved through the parameters
twg browserx and twg browsery in the page "image.php".Recommendations:
For versions 1.8.9 and earlier, consider restricting access to the "image.php" page until a fix is available. As a temporary workaround, avoid using the parameters
twg browserx and twg browsery in the affected page.Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tinywebgallery