CVE-2023-53922
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-17
Last updated on: 2025-12-24
Assigner: VulnCheck
Description
Description
TinyWebGallery v2.5 contains a remote code execution vulnerability in the admin upload functionality that allows unauthenticated attackers to upload malicious PHP files. Attackers can upload .phar files with embedded system commands to execute arbitrary code on the server by accessing the uploaded file's URL.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tinywebgallery | tinywebgallery | 2.5 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
TinyWebGallery v2.5 has a remote code execution vulnerability in its admin upload feature. This flaw allows attackers who are not logged in to upload malicious PHP files disguised as .phar files. Once uploaded, these files can be accessed via their URL to execute arbitrary code on the server.
How can this vulnerability impact me? :
This vulnerability can allow attackers to execute arbitrary code on your server without authentication, potentially leading to full system compromise, data theft, service disruption, or unauthorized control over the affected server.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70