|
Description
|
|
A vulnerability has been identified in TinyWebGallery, which could be exploited by attackers to compromise a vulnerable web server. This issue is caused by an input validation error in the "admin/_include/init.php" script that does not validate the "action" parameter, which could be exploited by remote attackers to include local files (e.g. the "counter/_twg.log" script which contains user-supplied data) and execute arbitrary commands with the privileges of the web server.
|
|
|
|
|
|
Vulnerable Products
|
|
Vulnerable Software:
TinyWebGallery version 1.7.6 and prior
|
|
|
|
|
|
Solution
|
|
Upgrade to TinyWebGallery version 1.7.7 :
http://www.tinywebgallery.com/en/download.php
|
|
|
|
|
|
CVE
|
|
|
|
|
|
|
|
References
|
|
http://www.milw0rm.com/exploits/8649
|
|
|
|
|
|
Vulnerability Manager Detection
|
|
No
|
|
|
|
|
|
IPS Protection
|
|
|
|
|
|
|
