A vulnerability in TinyWebGallery versions 1.8.9 and prior could allow an unauthenticated, remote attacker to disclose sensitive information.
The vulnerability exists in the image.php script due to insufficient sanitization of user-supplied input. An attacker could exploit the vulnerability by transmitting crafted twg_browserx parameters to a targeted system. This may allow the attacker to gain knowledge of the path to the web root. The attacker could use this information to conduct further attacks.
Proof-of-concept code that exploits this vulnerability is publicly available.
Administrators are advised to implement an intrusion prevention system (IPS) or intrusion detection system (IDS) to help detect and prevent attacks that attempt to exploit this vulnerability.
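As an added example (not part of this advisory or of TinyWebGallery itself), the following check illustrates the kind of rule an IDS or log review might encode: it flags requests to image.php whose twg_browserx parameter is not a short alphanumeric token. The allowed token alphabet, the /twg/ install path and the sample log lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry: method, target, protocol.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Assumption: a legitimate twg_browserx value is a short alphanumeric token.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{1,32}$")

# Constructed sample log lines (not taken from a real deployment).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:12:00:01 +0000] "GET /twg/image.php?twg_browserx=ie&twg_album=holiday HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Oct/2023:12:00:03 +0000] "GET /twg/index.php?twg_album=holiday HTTP/1.1" 200 4096',
    '203.0.113.7 - - [10/Oct/2023:12:00:04 +0000] "GET /twg/image.php?twg_browserx=%3C%3E%27%22 HTTP/1.1" 200 2048',
    '203.0.113.7 - - [10/Oct/2023:12:00:05 +0000] "GET /twg/image.php?twg_browserx=' + "A" * 300 + ' HTTP/1.1" 200 2048',
]


def suspicious_twg_requests(lines):
    """Return (client_ip, reason) for each request to image.php whose
    twg_browserx parameter does not look like a normal short token."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/image.php"):
            continue
        # parse_qs percent-decodes values, so the check sees what PHP would see.
        query = parse_qs(parts.query, keep_blank_values=True)
        for key, values in query.items():
            # A name that only starts with twg_browserx (extra suffix) is unexpected too.
            if not key.startswith("twg_browserx"):
                continue
            for value in values:
                if key != "twg_browserx":
                    reason = f"unexpected parameter name {key!r}"
                elif not TOKEN_RE.match(value):
                    reason = f"non-token value ({len(value)} chars)"
                else:
                    continue
                findings.append((line.split(" ", 1)[0], reason))
    return findings


if __name__ == "__main__":
    for ip, reason in suspicious_twg_requests(SAMPLE_LOG):
        print(ip, reason)
```

Only the two requests carrying non-token values are reported; the ordinary gallery request and the index.php request pass.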
The vendor has released a changelog at the following link: TinyWebGallery 1.9. The vendor has released updated software at the following link: TinyWebGallery 1.9