Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform unintended actions within the application. This is possible because the application is vulnerable to CSRF.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HPrasathmani Tiny File Manager
APPPrasathmani2.4.8
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2022-40916CRITICAL9.8PL ✓ten sam produkt
Session fixation w Tiny File Manager v2.4.7 i wcześniejszych
CVE-2022-45476CRITICAL9.8ten sam produkt
Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of ju...
CVE-2022-1000CRITICAL9.8ten sam produkt
Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.
CVE-2021-45010HIGH8.8ten sam produkt
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager be...
CVE-2021-40965HIGH8.8ten sam produkt
A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager all version up to and including 2....