TinyWebGallery <= 1.7.6 (init.php) Local File Inclusion Vulnerability


TinyWebGallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the /admin/_include/init.php script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied to the lang parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands which will be executed by the vulnerable script. In addition, this flaw can potentially be used to disclose the contents of any file on the system.


Disclosure Date:

May 8, 2009