In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted.
CPE | Name | Operator | Version |
---|---|---|---|
tinyfilemanager | eq | 2.0.2 | |
tinyfilemanager | eq | 2.0.1 | |
tinyfilemanager | eq | 2.3.4 | |
tinyfilemanager | eq | 2.3 | |
tinyfilemanager | eq | 2.2.0 | |
tinyfilemanager | eq | 2.3.8 |