Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2012-2930

Published: 24/04/2015 Updated: 27/04/2015
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) prior to 1.8.8 allow remote malicious users to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers.php via the user parameter to admin/index.php.

Vulnerable Product Search on Vulmon Subscribe to Product

tinywebgallery tinywebgallery

References

CWE-352http://osvdb.org/show/osvdb/82961https://www.htbridge.com/advisory/HTB23093http://www.tinywebgallery.com/forum/web-photo-gallery-news-f14/twg-1-8-8-is-available-t3274.htmlhttps://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802template injectionCVE-2024-0044code injectionCVE-2024-35474CVE-2024-27857CVE-2024-23251CVE-2024-23692physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook