111 matches found
PT-2022-27532 · Unknown · Tiny File Manager
Name of the Vulnerable Software and Affected Versions: Tiny File Manager version 2.4.8 Description: The issue allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to insecure file upload and processes...
3DPrint < 3.5.6.9 - Arbitrary File and Directory Deletion via CSRF
Description The plugin does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged in admin into...
Tiny File Manager 2.4.6 Shell Upload
Exploit Title: Tiny File Manager 2.4.6 - Remote Code Execution RCE Date: 14/03/2022 Exploit Author: FEBIN MON SAJI Software Link: https://github.com/prasathmani/tinyfilemanager Version: Tiny File Manager Example: $0 http://files.ubuntu.local/index.php admin "admin@123" " log-in URL=$1 admin=$2...
CVE-2021-45010
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers with valid user accounts to upload malicious PHP files to the webroot, leading to code execution...
CVE-2021-45010
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers with valid user accounts to upload malicious PHP files to the webroot, leading to code execution...
CVE-2021-45010
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers with valid user accounts to upload malicious PHP files to the webroot, leading to code execution...
CVE-2021-45010
Tiny File Manager (prasathmani) contains a path traversal vulnerability in tinyfilemanager.php’s file-upload functionality up to v2.4.7. An authenticated user can upload PHP files and, due to a root-cause mismatch in the upload handler (saving via $_REQUEST['fullpath'] while validating via $_FILE...
Tiny File Manager路径遍历漏洞
Tiny File Manager is a web-based open source file manager. A path traversal vulnerability in the tinyfilemanager.php file upload function in Tiny File Manager 2.4.1 allows remote attackers to upload malicious PHP files to the webroot using a valid user account and achieve code execution on the...
Tiny File Manager 2.4.3 Shell Upload
Tiny File Manager Example: ./exploit.sh http://files.ubuntu.local/index.php admin "admin@123" https://github.com/febinrev/tinyfilemanager-2.4.3-exploit !/bin/bash check which curl if $? = 0 then printf "✔ Curl found! \n" else printf "❌ Curl not found! \n" exit fi which jq if $? = 0 then printf "✔...
Path Traversal in prasathmani/tinyfilemanager
Description A Path Traversal vulnerability exists in Tiny File Manager, which allows the upload of files to an arbitrary location in the server. This flaw derives from the way that the file upload/creation is handled when a file with the same name already exists in the target directory. Affected...
PT-2021-23020
Name of the Vulnerable Software and Affected Versions TinyFileManager versions up to and including 2.4.6 Description A Cross-Site Request Forgery CSRF issue exists that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacke...
Tiny File Manager Path Traversal Vulnerability
Tiny File Manager is a web-based open source file manager. A path traversal vulnerability exists in Tiny File Manager. An attacker can use this vulnerability to place a copy of a backup file in a different directory...
Tiny File Manager path traversal vulnerability (CNVD-2020-27486)
Tiny File Manager is a web-based open source file manager. Tiny File Manager path traversal vulnerability. An attacker can use this vulnerability to enumerate directories and files on the file system...
CVE-2020-12103
In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files with .bak extension outside the scope in the same directory in which they are stored...
CVE-2020-12103
In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files with .bak extension outside the scope in the same directory in which they are stored...
CVE-2020-12102
In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem outside of the application scope...
CVE-2020-12102
In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem outside of the application scope...
Path traversal
In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem outside of the application scope...
CVE-2020-12103
Tiny File Manager 2.4.1 contains a vulnerability in the ajax file backup copy functionality that allows authenticated users to create backup copies (.bak) outside the intended scope in the same directory. The issue is due to a flaw in the backup copy feature. Remediation suggested in the connecte...
CVE-2020-12103
In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files with .bak extension outside the scope in the same directory in which they are stored...