Tinywebgallery: >> Tinywebgallery >> 1.8.7 Security Vulnerabilities
TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure vulnerability which allows remote attackers to obtain sensitive information through the parameters "twg_browserx" and "twg_browsery" in the page image.php.
CVSS Score
5.3
EPSS Score
0.003
Published
2020-02-03
PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file.
CVSS Score
7.2
EPSS Score
0.009
Published
2020-01-09