exploitDog

CVE-2023-53922

Опубликовано: 17 дек. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

TinyWebGallery v2.5 contains a remote code execution vulnerability in the admin upload functionality that allows unauthenticated attackers to upload malicious PHP files. Attackers can upload .phar files with embedded system commands to execute arbitrary code on the server by accessing the uploaded file's URL.

Ссылки

http://www.tinywebgallery.com/
Product
https://www.exploit-db.com/exploits/51443
Exploit
Third Party Advisory
VDB Entry
https://www.vulncheck.com/advisories/tinywebgallery-remote-code-execution-via-unrestricted-file-upload
Third Party Advisory
Exploit
https://www.exploit-db.com/exploits/51443
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tinywebgallery:tinywebgallery:2.5:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01396

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-43xj-26f5-3q3h

CVSS3: 9.8

github

около 2 месяцев назад

TinyWebGallery v2.5 contains a remote code execution vulnerability in the admin upload functionality that allows unauthenticated attackers to upload malicious PHP files. Attackers can upload .phar files with embedded system commands to execute arbitrary code on the server by accessing the uploaded file's URL.

EPSS

Процентиль: 80%

0.01396

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434