← Back

CVE-2023-53922

nvd nist
Published: Dec 17, 2025Modified: Dec 24, 2025

JSON object

Loading...
9.3
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: disclosure@vulncheck.com (Secondary)

Description

TinyWebGallery v2.5 contains a remote code execution vulnerability in the admin upload functionality that allows unauthenticated attackers to upload malicious PHP files. Attackers can upload .phar files with embedded system commands to execute arbitrary code on the server by accessing the uploaded file's URL.

Affected (1)

Tinywebgallery
1 product
Tinywebgallery
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Tinywebgallery
Version 2.5

Related CWEs

CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

Source: disclosure@vulncheck.com
Product
Source: disclosure@vulncheck.com
ExploitThird Party AdvisoryVDB Entry
Source: disclosure@vulncheck.com
Third Party AdvisoryExploit
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.