VYPR

Quixplorer

by Claudio Klingler

CVEs (2)

  • CVE-2011-5005Dec 25, 2011
    risk 0.03cvss epss 0.04

    Unrestricted file upload vulnerability in QuiXplorer 2.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension using the upload action to index.php, then accessing it via a direct request to the file in an unspecified…

  • CVE-2009-1911Jun 4, 2009
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery (TWG) 1.7.6 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter…