Friday, June 15, 2012

HTB23093: TinyWebGallery multiple vulnerabilities

TinyWebGallery version 1.8.7 and probably prior suffers from Cross-Site Request Forgery (CSRF), Arbitrary Code Execution and Cross-Site Scripting (XSS) vulnerabilities:
1. Cross-Site Request Forgery (CSRF): The application allows an authorized administrator to perform certain actions via HTTP requests without making proper validity checks to verify the source of the requests.
2. Arbitrary Code Execution: Input passed via the "user" POST parameter to "admin/index.php" is not properly sanitised before being written to the ".htusers.php" file.
3. Cross-Site Scripting (XSS): Input passed via the "selitems[]" and "searchitem" POST parameters to "/admin/index.php" is not properly sanitised before being returned to the user.
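To make the second finding concrete, here is an added example (not TinyWebGallery's code; the store layout, function names and sample values are constructed) contrasting raw interpolation of a username into PHP source with an allow-listed, literal-encoded write, plus a check that flags when input has escaped its literal:

```python
import re

# Constructed model of a user store written out as PHP source, in the spirit of the
# ".htusers.php" write the advisory describes. This is NOT TinyWebGallery's real format.
USER_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def render_user_line_unsafe(user: str, pwhash: str) -> str:
    """The flaw class: raw request input interpolated straight into PHP source."""
    return f"$users['{user}'] = '{pwhash}';\n"


def php_single_quoted(s: str) -> str:
    """Encode s as a PHP single-quoted literal: only backslash and quote need escaping."""
    return "'" + s.replace("\\", "\\\\").replace("'", "\\'") + "'"


def render_user_line_safe(user: str, pwhash: str) -> str:
    """Hardened form: allow-list the username, and encode both values as literals."""
    if not USER_RE.fullmatch(user):
        raise ValueError("username contains characters outside the allow-list")
    return f"$users[{php_single_quoted(user)}] = {php_single_quoted(pwhash)};\n"


def code_outside_literals(line: str) -> str:
    """Return the PHP source with single-quoted literals removed (escapes honoured).

    For a well-formed user line only the fixed skeleton should remain; anything
    else means input escaped its literal and became code.
    """
    out, in_lit, i = [], False, 0
    while i < len(line):
        ch = line[i]
        if in_lit:
            if ch == "\\" and i + 1 < len(line):
                i += 2  # skip the escaped character inside the literal
                continue
            if ch == "'":
                in_lit = False
        elif ch == "'":
            in_lit = True
        else:
            out.append(ch)
        i += 1
    return "".join(out).strip()


# What a correctly encoded user line reduces to once its two literals are removed.
SKELETON = "$users[] = ;"
```

Running `code_outside_literals` over each line before it is written to disk is a cheap regression check for this bug class: any result other than `SKELETON` means the file would no longer be pure data.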

Vulnerability ID: HTB23093
Vendor Notification / Patch / Public Disclosure Dates: 23 May / 24 May / 13 June
Vulnerabilities Type: CSRF, arbitrary code execution, XSS
Risk level: Medium
Solution Status: Fixed by Vendor, upgrade to latest TWG 1.8.8 build

Read the full advisory, details and Proof of Concept (PoC): High-Tech Bridge Advisory HTB23093: Multiple vulnerabilities in TinyWebGallery.
