ГлавнаяУязвимости → CVE-2023-53922
9.8критическая

CVE-2023-53922

Описание

TinyWebGallery v2.5 contains a remote code execution vulnerability in the admin upload functionality that allows unauthenticated attackers to upload malicious PHP files. Attackers can upload .phar files with embedded system commands to execute arbitrary code on the server by accessing the uploaded file's URL.

Затрагиваемое ПО
Tinywebgallery Tinywebgallery
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
http://www.tinywebgallery.com/https://www.exploit-db.com/exploits/51443https://www.vulncheck.com/advisories/tinywebgallery-remote-code-execution-via-unrestricted-file-uploadhttps://www.exploit-db.com/exploits/51443