TinyWebGallery/QuiXplorer Local File Include Vulnerability Network Vulnerability

Summary

TinyWebGallery and QuiXplorer are prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks. TinyWebGallery 1.7.6 and prior versions are vulnerable. QuiXplorer 2.3.2 and prior versions are vulnerable.

Solution

An update is available. Please see http://www.tinywebgallery.com for more information.

References

http://www.securityfocus.com/bid/34892

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-1911

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Rave User Information Disclosure Vulnerability
Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
AMSI 'file' Parameter Directory Traversal Vulnerability
Apache Struts Directory Traversal Vulnerability
Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities