CVE-2009-1911

Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery (TWG) 1.7.6 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to admin/index.php.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
tinywebgallerytinywebgallery
𝑥
≤ 1.7.6
tinywebgallerytinywebgallery
1.0
tinywebgallerytinywebgallery
1.1
tinywebgallerytinywebgallery
1.01
tinywebgallerytinywebgallery
1.1.1
tinywebgallerytinywebgallery
1.1.2
tinywebgallerytinywebgallery
1.02
tinywebgallerytinywebgallery
1.2
tinywebgallerytinywebgallery
1.3
tinywebgallerytinywebgallery
1.03
tinywebgallerytinywebgallery
1.3a:a
tinywebgallerytinywebgallery
1.3b:b
tinywebgallerytinywebgallery
1.3c:c
tinywebgallerytinywebgallery
1.04
tinywebgallerytinywebgallery
1.4
tinywebgallerytinywebgallery
1.4.0.1
tinywebgallerytinywebgallery
1.4.0.2
tinywebgallerytinywebgallery
1.4.0.3
tinywebgallerytinywebgallery
1.4.0.4
tinywebgallerytinywebgallery
1.4.1
tinywebgallerytinywebgallery
1.4.1.1
tinywebgallerytinywebgallery
1.4.1.2
tinywebgallerytinywebgallery
1.4.1.3
tinywebgallerytinywebgallery
1.4.2
tinywebgallerytinywebgallery
1.05
tinywebgallerytinywebgallery
1.5
tinywebgallerytinywebgallery
1.5.0.1_15.08.2006:_15.08
tinywebgallerytinywebgallery
1.5.0.2_17.08.2006:_17.08
tinywebgallerytinywebgallery
1.5.1_03.09.2006:_03.09
tinywebgallerytinywebgallery
1.5.2.1_20.09.2006_1000:_20.09
tinywebgallerytinywebgallery
1.5.2.2_21.09.2006_1000:_21.09
tinywebgallerytinywebgallery
1.5.2_17.09.2006_1000:_17.09
tinywebgallerytinywebgallery
1.5.3.1_11.10.2006_1000:_11.10
tinywebgallerytinywebgallery
1.5.3.2_12.10.2006_1000:_12.10
tinywebgallerytinywebgallery
1.5.3_08.10.2006_1000:_08.10
tinywebgallerytinywebgallery
1.5.4_13.10.2006:_13.10
tinywebgallerytinywebgallery
1.5.5_30.10.2006_2200:_30.10
tinywebgallerytinywebgallery
1.6
tinywebgallerytinywebgallery
1.6.1
tinywebgallerytinywebgallery
1.6.2
tinywebgallerytinywebgallery
1.6.3
tinywebgallerytinywebgallery
1.6.3.4
tinywebgallerytinywebgallery
1.7
tinywebgallerytinywebgallery
1.7.1
tinywebgallerytinywebgallery
1.7.2-18.04.2008
tinywebgallerytinywebgallery
1.7.3-12.05.2008
tinywebgallerytinywebgallery
1.7.3.1
tinywebgallerytinywebgallery
1.7.3.2
tinywebgallerytinywebgallery
1.7.3.3
tinywebgallerytinywebgallery
1.7.4
tinywebgallerytinywebgallery
1.7.4.1
tinywebgallerytinywebgallery
1.7.4.2
tinywebgallerytinywebgallery
1.7.4.3
tinywebgallerytinywebgallery
1.7.4.4
tinywebgallerytinywebgallery
1.7.4.5
tinywebgallerytinywebgallery
1.7.5
tinywebgallerytinywebgallery
1.7.5.1
claudio_klinglerquixplorer
𝑥
≤ 2.3.2
claudio_klinglerquixplorer
1.0
claudio_klinglerquixplorer
1.1
claudio_klinglerquixplorer
1.2
claudio_klinglerquixplorer
1.4
claudio_klinglerquixplorer
1.5
claudio_klinglerquixplorer
1.6
claudio_klinglerquixplorer
2.0
claudio_klinglerquixplorer
2.1.1
claudio_klinglerquixplorer
2.2
claudio_klinglerquixplorer
2.3
claudio_klinglerquixplorer
2.3.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/35020
http://secunia.com/advisories/35060
http://www.securityfocus.com/archive/1/503396/100/0/threaded
http://www.securityfocus.com/bid/34892
http://www.tinywebgallery.com/forum/viewtopic.php?t=1653
https://exchange.xforce.ibmcloud.com/vulnerabilities/50408
https://www.exploit-db.com/exploits/8649
http://secunia.com/advisories/35020
http://secunia.com/advisories/35060
http://www.securityfocus.com/archive/1/503396/100/0/threaded
http://www.securityfocus.com/bid/34892
http://www.tinywebgallery.com/forum/viewtopic.php?t=1653
https://exchange.xforce.ibmcloud.com/vulnerabilities/50408
https://www.exploit-db.com/exploits/8649