Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery (TWG) 1.7.6 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to admin/index.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Tinywebgallery QuiXplorer "init.php" 目录遍历和文件包含漏洞
Vulnerability Description
STinyWebGallery(TWG)是软件开发者Michael Dempfle所研发的一套基于Ajax、PHP和XML的开源相册,它提供文字和图片水印、幻灯片播放、图像上传和管理等功能。 TinyWebGallery的/admin/_include/init.php模块没有正确地验证用户请求中的$_GET['lang']参数: 110. // Get Language 111. if (isset($GLOBALS['__GET']["lang"])) $GLOBALS["lang"] = $GLOB
CVSS Information
N/A
Vulnerability Type
N/A