Lucene search
K

111 matches found

Positive Technologies
Positive Technologies
added 2022/11/25 12:0 a.m.7 views

PT-2022-27532 · Unknown · Tiny File Manager

Name of the Vulnerable Software and Affected Versions: Tiny File Manager version 2.4.8 Description: The issue allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to insecure file upload and processes...

9.8CVSS9.8AI score0.0098EPSS
Exploits1References7
WPVulnDB
WPVulnDB
added 2022/11/08 12:0 a.m.16 views

3DPrint < 3.5.6.9 - Arbitrary File and Directory Deletion via CSRF

Description The plugin does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged in admin into...

8.1CVSS8AI score0.00404EPSS
Exploits2
Packet Storm
Packet Storm
added 2022/03/16 12:0 a.m.1771 views

Tiny File Manager 2.4.6 Shell Upload

Exploit Title: Tiny File Manager 2.4.6 - Remote Code Execution RCE Date: 14/03/2022 Exploit Author: FEBIN MON SAJI Software Link: https://github.com/prasathmani/tinyfilemanager Version: Tiny File Manager Example: $0 http://files.ubuntu.local/index.php admin "admin@123" " log-in URL=$1 admin=$2...

8.8CVSS7.6AI score0.7008EPSS
Exploits9
OSV
OSV
added 2022/03/15 12:15 p.m.25 views

CVE-2021-45010

A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers with valid user accounts to upload malicious PHP files to the webroot, leading to code execution...

8.8CVSS7.4AI score0.7008EPSS
Exploits7References8
NVD
NVD
added 2022/03/15 12:15 p.m.20 views

CVE-2021-45010

A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers with valid user accounts to upload malicious PHP files to the webroot, leading to code execution...

8.8CVSS0.7008EPSS
Exploits7References8
ATTACKERKB
ATTACKERKB
added 2022/03/15 12:15 p.m.4 views

CVE-2021-45010

A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers with valid user accounts to upload malicious PHP files to the webroot, leading to code execution...

8.8CVSS7.5AI score0.7008EPSS
Exploits7References9
CVE
CVE
added 2022/03/15 11:13 a.m.218 views

CVE-2021-45010

Tiny File Manager (prasathmani) contains a path traversal vulnerability in tinyfilemanager.php’s file-upload functionality up to v2.4.7. An authenticated user can upload PHP files and, due to a root-cause mismatch in the upload handler (saving via $_REQUEST['fullpath'] while validating via $_FILE...

8.8CVSS7.7AI score0.7008EPSS
Exploits7References8Affected Software1
CNNVD
CNNVD
added 2022/03/15 12:0 a.m.24 views

Tiny File Manager路径遍历漏洞

Tiny File Manager is a web-based open source file manager. A path traversal vulnerability in the tinyfilemanager.php file upload function in Tiny File Manager 2.4.1 allows remote attackers to upload malicious PHP files to the webroot using a valid user account and achieve code execution on the...

8.8CVSS8.5AI score0.7008EPSS
Exploits7References12
Packet Storm
Packet Storm
added 2022/02/16 12:0 a.m.383 views

Tiny File Manager 2.4.3 Shell Upload

Tiny File Manager Example: ./exploit.sh http://files.ubuntu.local/index.php admin "admin@123" https://github.com/febinrev/tinyfilemanager-2.4.3-exploit !/bin/bash check which curl if $? = 0 then printf "✔ Curl found! \n" else printf "❌ Curl not found! \n" exit fi which jq if $? = 0 then printf "✔...

7.4AI score
Exploits0
Huntr
Huntr
added 2022/02/15 10:8 a.m.41 views

Path Traversal in prasathmani/tinyfilemanager

Description A Path Traversal vulnerability exists in Tiny File Manager, which allows the upload of files to an arbitrary location in the server. This flaw derives from the way that the file upload/creation is handled when a file with the same name already exists in the target directory. Affected...

7.5CVSS0.3AI score0.01864EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2021/09/15 12:0 a.m.3 views

PT-2021-23020

Name of the Vulnerable Software and Affected Versions TinyFileManager versions up to and including 2.4.6 Description A Cross-Site Request Forgery CSRF issue exists that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacke...

9.3CVSS8.5AI score0.00596EPSS
Exploits0References5
CNVD
CNVD
added 2020/04/29 12:0 a.m.3 views

Tiny File Manager Path Traversal Vulnerability

Tiny File Manager is a web-based open source file manager. A path traversal vulnerability exists in Tiny File Manager. An attacker can use this vulnerability to place a copy of a backup file in a different directory...

7.7CVSS6.9AI score0.01458EPSS
Exploits0References1
CNVD
CNVD
added 2020/04/29 12:0 a.m.4 views

Tiny File Manager path traversal vulnerability (CNVD-2020-27486)

Tiny File Manager is a web-based open source file manager. Tiny File Manager path traversal vulnerability. An attacker can use this vulnerability to enumerate directories and files on the file system...

7.7CVSS6.9AI score0.0183EPSS
Exploits0References1
OSV
OSV
added 2020/04/28 10:15 p.m.18 views

CVE-2020-12103

In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files with .bak extension outside the scope in the same directory in which they are stored...

7.7CVSS6.6AI score0.01458EPSS
Exploits0References3
NVD
NVD
added 2020/04/28 10:15 p.m.21 views

CVE-2020-12103

In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files with .bak extension outside the scope in the same directory in which they are stored...

7.7CVSS7.4AI score0.01458EPSS
Exploits0References3
NVD
NVD
added 2020/04/28 9:15 p.m.21 views

CVE-2020-12102

In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem outside of the application scope...

7.7CVSS7.4AI score0.0183EPSS
Exploits0References3
OSV
OSV
added 2020/04/28 9:15 p.m.19 views

CVE-2020-12102

In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem outside of the application scope...

7.7CVSS6.6AI score0.0183EPSS
Exploits0References3
Prion
Prion
added 2020/04/28 9:15 p.m.14 views

Path traversal

In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem outside of the application scope...

6.8CVSS7.3AI score0.0183EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2020/04/28 9:7 p.m.80 views

CVE-2020-12103

Tiny File Manager 2.4.1 contains a vulnerability in the ajax file backup copy functionality that allows authenticated users to create backup copies (.bak) outside the intended scope in the same directory. The issue is due to a flaw in the backup copy feature. Remediation suggested in the connecte...

7.7CVSS7.3AI score0.01458EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2020/04/28 9:7 p.m.28 views

CVE-2020-12103

In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files with .bak extension outside the scope in the same directory in which they are stored...

7.4AI score0.01458EPSS
Exploits0References3
Rows per page
Query Builder