Lucene search
MitreCVELIST:CVE-2021-40964HistorySep 15, 2021 - 5:12 p.m.
CVE-2021-40964
2021-09-1517:12:28
mitre
www.cve.org
3
path traversal
tinyfilemanager
upload vulnerability
fullpath parameter
csrf vulnerability
EPSS
0.003
Percentile
65.2%
A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the “fullpath” parameter containing path traversal strings (…/ and …) in order to escape the server’s intended working directory and write malicious files onto any directory on the computer.
Related
cnvd
cnvd
TinyFileManager path traversal vulnerability
2021-09-17 00:00:00
prion
prion
Path traversal
2021-09-15 18:15:00
cve
cve
CVE-2021-40964
2021-09-15 18:15:09
nvd
nvd
CVE-2021-40964
2021-09-15 18:15:09
zdt
zdt
Tiny File Manager 2.4.6 - Remote Code Execution Exploit
2022-03-16 00:00:00
packetstorm
packetstorm
Tiny File Manager 2.4.6 Shell Upload
2022-03-16 00:00:00
exploitdb
exploitdb
Tiny File Manager 2.4.6 - Remote Code Execution (RCE)
2022-03-16 00:00:00