Lucene search

[email protected]CVE-2021-45010

HistoryMar 15, 2022 - 12:15 p.m.

CVE-2021-45010

2022-03-1512:15:08

CWE-22

[email protected]

web.nvd.nist.gov

cve-2021-45010

path traversal

file upload

tiny file manager

security vulnerability

code execution

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.14 Low

EPSS

Percentile

95.7%

JSON

A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.

Affected configurations

NVD

Node

tiny_file_manager_projecttiny_file_managerRange≤2.4.7

CPENameOperatorVersion
tiny_file_manager_project:tiny_file_managertiny file manager project tiny file managerle2.4.7

CPE	Name	Operator	Version
tiny_file_manager_project:tiny_file_manager	tiny file manager project tiny file manager	le	2.4.7

References

packetstormsecurity.com/files/166330/Tiny-File-Manager-2.4.6-Shell-Upload.html

febin0x4e4a.wordpress.com/2022/01/23/tiny-file-manager-authenticated-rce/

github.com/febinrev/tinyfilemanager-2.4.3-exploit/raw/main/exploit.sh

github.com/prasathmani/tinyfilemanager/commit/2046bbde72ed76af0cfdcae082de629bcc4b44c7

github.com/prasathmani/tinyfilemanager/pull/636

github.com/prasathmani/tinyfilemanager/pull/636/files/a93fc321a3c89fdb9bee860bf6df5d89083298d1

raw.githubusercontent.com/febinrev/tinyfilemanager-2.4.6-exploit/main/exploit.sh

sploitus.com/exploit?id=1337DAY-ID-37364&utm_source=rss&utm_medium=rss

Social References

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.14 Low

EPSS

Percentile

95.7%

JSON

Related for CVE-2021-45010

prion1 cvelist1 osv1 nvd1 githubexploit3 zdt1 packetstorm1