Published: 04/06/2009 Updated: 10/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and previous versions, as used in TinyWebGallery (TWG) 1.7.6 and previous versions, allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to admin/index.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tinywebgallery tinywebgallery 1.7.5.1
tinywebgallery tinywebgallery 1.7.5
tinywebgallery tinywebgallery 1.7.3.3
tinywebgallery tinywebgallery 1.7.3.2
tinywebgallery tinywebgallery 1.6.2
tinywebgallery tinywebgallery 1.6.1
tinywebgallery tinywebgallery 1.5.2.1_20.09.2006_1000
tinywebgallery tinywebgallery 1.5.2_17.09.2006_1000
tinywebgallery tinywebgallery 1.7.4.5
tinywebgallery tinywebgallery 1.7.4.4
tinywebgallery tinywebgallery 1.7.3.1
tinywebgallery tinywebgallery 1.7.3-12.05.2008
tinywebgallery tinywebgallery 1.6
tinywebgallery tinywebgallery 1.5.5_30.10.2006_2200
tinywebgallery tinywebgallery 1.5.1_03.09.2006
tinywebgallery tinywebgallery 1.5.0.2_17.08.2006
tinywebgallery tinywebgallery 1.4.0.4
tinywebgallery tinywebgallery 1.4.0.3
tinywebgallery tinywebgallery 1.1.2
tinywebgallery tinywebgallery 1.1.1
tinywebgallery tinywebgallery 1.4.1.1
tinywebgallery tinywebgallery 1.4.1
tinywebgallery tinywebgallery 1.3a
tinywebgallery tinywebgallery 1.2
tinywebgallery tinywebgallery 1.01
tinywebgallery tinywebgallery 1.0
tinywebgallery tinywebgallery 1.4
tinywebgallery tinywebgallery 1.3
tinywebgallery tinywebgallery
tinywebgallery tinywebgallery 1.7.4.1
tinywebgallery tinywebgallery 1.7.4
tinywebgallery tinywebgallery 1.7
tinywebgallery tinywebgallery 1.6.3
tinywebgallery tinywebgallery 1.5.3_08.10.2006_1000
tinywebgallery tinywebgallery 1.5.2.2_21.09.2006_1000
tinywebgallery tinywebgallery 1.4.1.3
tinywebgallery tinywebgallery 1.4.1.2
tinywebgallery tinywebgallery 1.3c
tinywebgallery tinywebgallery 1.3b
tinywebgallery tinywebgallery 1.03
tinywebgallery tinywebgallery 1.02
tinywebgallery tinywebgallery 1.6.3.4
tinywebgallery tinywebgallery 1.5
tinywebgallery tinywebgallery 1.7.4.3
tinywebgallery tinywebgallery 1.7.4.2
tinywebgallery tinywebgallery 1.7.2-18.04.2008
tinywebgallery tinywebgallery 1.7.1
tinywebgallery tinywebgallery 1.5.4_13.10.2006
tinywebgallery tinywebgallery 1.5.3.2_12.10.2006_1000
tinywebgallery tinywebgallery 1.5.3.1_11.10.2006_1000
tinywebgallery tinywebgallery 1.5.0.1_15.08.2006
tinywebgallery tinywebgallery 1.4.2
tinywebgallery tinywebgallery 1.4.0.2
tinywebgallery tinywebgallery 1.4.0.1
tinywebgallery tinywebgallery 1.1
tinywebgallery tinywebgallery 1.05
tinywebgallery tinywebgallery 1.04
claudio klingler quixplorer 2.3.1
claudio klingler quixplorer 1.4
claudio klingler quixplorer 1.2
claudio klingler quixplorer 1.6
claudio klingler quixplorer 1.5
claudio klingler quixplorer 2.1.1
claudio klingler quixplorer 2.0
claudio klingler quixplorer
claudio klingler quixplorer 2.3
claudio klingler quixplorer 2.2
claudio klingler quixplorer 1.1
claudio klingler quixplorer 1.0

<?php /* ----------------------------------------------------------- TinyWebGallery <= 176 LFI / Remote Code Execution Exploit ----------------------------------------------------------- author: EgiX mail: n0b0d13s[at]gmail[dot]com link: wwwtinywebgallerycom/ details: this vulnerability drift from QuiXplo ...

CWE-22 http://secunia.com/advisories/35020 http://www.tinywebgallery.com/forum/viewtopic.php?t=1653 http://www.securityfocus.com/bid/34892 http://secunia.com/advisories/35060 https://exchange.xforce.ibmcloud.com/vulnerabilities/50408 https://www.exploit-db.com/exploits/8649 http://www.securityfocus.com/archive/1/503396/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/8649/

CVE-2009-1911

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect