CVE-2012-2930

TinyWebGallery < 1.8.8 - Cross-Site Request Forgery via Admin User Management

Title source: llm
STIX 2.1

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers.php via the user parameter to admin/index.php.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/82961

Scores

EPSS 0.0070
EPSS Percentile 48.9%

Details

CWE
CWE-352
Status published
Products (1)
tinywebgallery/tinywebgallery < 1.8.6
Published Apr 24, 2015
Tracked Since Feb 18, 2026