TinyFileManager is a web-based file manager used to store, upload, edit and manage files and folders online via a web browser. A path traversal vulnerability exists in TinyFileManager 2.4.6 and all versions below, which stems from the software’s lack of validation and escaping of the fullpath parameter, and can be exploited by attackers to upload files to browse the server’s intended working directory and write malicious files to any directory on the computer.
CPE | Name | Operator | Version |
---|---|---|---|
tinyfilemanager tinyfilemanager | le | 2.4.6 |