CVE-2023-53922

Critical CVSS: 9.3

TinyWebGallery v2.5 contains a remote code execution vulnerability in the admin upload functionality that allows unauthenticated attackers to upload malicious PHP files. Attackers can upload .phar files with embedded system commands to execute arbitrary code on the server by accessing the uploaded file's URL.

Vendor

Tinywebgallery

Product

Tinywebgallery

CWE

CWE-434

Yayın Tarihi

2025-12-17 23:15:51

Güncelleme

2025-12-24 16:50:20

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-434 Tinywebgallery CRITICAL Tinywebgallery 2025

Referanslar

http://www.tinywebgallery.com/ https://www.exploit-db.com/exploits/51443 https://www.vulncheck.com/advisories/tinywebgallery-remote-code-execution-via-unrestricted-file-upload https://www.exploit-db.com/exploits/51443

Benzer Kayıtlar

Medium

CVE-2023-53939

TinyWebGallery v2.5 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject m…

Medium

CVE-2025-1439

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe'…

Medium

CVE-2025-1440

The Advanced iFrame plugin for WordPress is vulnerable to unauthorized excessive creation of options on the aip_map_url_…

Medium

CVE-2025-1437

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe'…