CVE-2012-2931: Code Injection
First published: Thu Jan 09 2020(Updated: )
PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TinyWebGallery Wordpress Flash Uploader | <1.8.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-2931?
The severity of CVE-2012-2931 is high.
How does PHP code injection in TinyWebGallery before 1.8.8 occur?
PHP code injection in TinyWebGallery before 1.8.8 occurs when remote authenticated users with admin privileges inject arbitrary code into the .htusers.php file.
Which software versions are affected by CVE-2012-2931?
Versions up to and excluding 1.8.8 of TinyWebGallery are affected by CVE-2012-2931.
What is the Common Weakness Enumeration (CWE) ID of CVE-2012-2931?
The Common Weakness Enumeration (CWE) ID of CVE-2012-2931 is CWE-94 and CWE-74.
Is there any reference material available for CVE-2012-2931?
Yes, you can find reference material for CVE-2012-2931 at the following link: https://www.htbridge.com/advisory/HTB23093
- agent/type
- agent/weakness
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/tinywebgallery
- canonical/tinywebgallery wordpress flash uploader