CVE-2012-5347
TinyWebGallery 1.8.3 - Remote Code Execution via Command Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-5347. PoCs published by Expl0!Ts.
AI-analyzed exploit summary The exploit demonstrates remote command execution in TinyWebGallery 1.8.3 via unsanitized input in the 'command' parameter in 'filefunctions.inc' and 'ifo.php'. The PoC shows how arbitrary commands can be injected through HTTP GET requests.
Description
TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code via shell metacharacters in the command parameter to (1) inc/filefunctions.inc or (2) info.php.
Exploits (1)
The exploit demonstrates remote command execution in TinyWebGallery 1.8.3 via unsanitized input in the 'command' parameter in 'filefunctions.inc' and 'ifo.php'. The PoC shows how arbitrary commands can be injected through HTTP GET requests.