67 matches found
CVE-2022-1000 Path Traversal in prasathmani/tinyfilemanager
Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7...
CVE-2022-1000
CVE-2022-1000 describes a path traversal vulnerability in the web-based Tiny File Manager project (prasathmani/tinyfilemanager) prior to version 2.4.7. According to connected sources, the flaw stems from how file uploads are handled when a file with the same name already exists: the code alters t...
TinyFileManager path traversal vulnerability
TinyFileManager is a web-based file manager. It is used to store, upload, edit and manage files and folders online via a web browser. TinyFileManager 2.4.7 previously had a security vulnerability. There is no information about this vulnerability yet; please stay tuned to CNNVD or the vendor's...
TinyFileManager cross-site request forgery vulnerability
TinyFileManager is a web-based file manager. A cross-site request forgery vulnerability exists in TinyFileManager 2.4.6 and all versions below, which can be exploited by attackers to upload files and run operating system commands by tricking Administrator users into browsing an attacker-controlle...
TinyFileManager path traversal vulnerability
TinyFileManager is a web-based file manager used to store, upload, edit and manage files and folders online via a web browser. A path traversal vulnerability exists in TinyFileManager 2.4.6 and all versions below, which stems from the software's lack of validation and escaping of the fullpath...
CVE-2021-40965
A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager, all versions up to and including 2.4.6, that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker...
CVE-2021-40966
A Stored XSS exists in TinyFileManager, all versions up to and including 2.4.6, in /tinyfilemanager.php when the server is given a file that contains HTML and JavaScript in its name. A malicious user can upload a file with a malicious filename containing JavaScript code and it will run on any user...
CVE-2021-40965
A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager, all versions up to and including 2.4.6, that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker...
CVE-2021-40964
A Path Traversal vulnerability exists in TinyFileManager, all versions up to and including 2.4.6, that allows attackers to upload a file with Admin credentials or with the CSRF vulnerability with the "fullpath" parameter containing path traversal strings ../ and ..\ in order to escape the server's...
CVE-2021-40964
A Path Traversal vulnerability exists in TinyFileManager, all versions up to and including 2.4.6, that allows attackers to upload a file with Admin credentials or with the CSRF vulnerability with the "fullpath" parameter containing path traversal strings ../ and ..\ in order to escape the server's...
CVE-2021-40966
A Stored XSS exists in TinyFileManager, all versions up to and including 2.4.6, in /tinyfilemanager.php when the server is given a file that contains HTML and JavaScript in its name. A malicious user can upload a file with a malicious filename containing JavaScript code and it will run on any user...
Design/Logic Flaw
A Stored XSS exists in TinyFileManager, all versions up to and including 2.4.6, in /tinyfilemanager.php when the server is given a file that contains HTML and JavaScript in its name. A malicious user can upload a file with a malicious filename containing JavaScript code and it will run on any user...
Path traversal
A Path Traversal vulnerability exists in TinyFileManager, all versions up to and including 2.4.6, that allows attackers to upload a file with Admin credentials or with the CSRF vulnerability with the "fullpath" parameter containing path traversal strings ../ and ..\ in order to escape the server's...
Cross-site request forgery (CSRF)
A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager, all versions up to and including 2.4.6, that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker...
CVE-2021-40964
A Path Traversal vulnerability exists in TinyFileManager, all versions up to and including 2.4.6, that allows attackers to upload a file with Admin credentials or with the CSRF vulnerability with the "fullpath" parameter containing path traversal strings ../ and ..\ in order to escape the server's...
CVE-2021-40964
CVE-2021-40964 concerns TinyFileManager up to version 2.4.6, where a path traversal flaw in the fullpath parameter allows uploading files outside the intended working directory. The root cause is inadequate validation/escaping of fullpath, enabling an attacker to place malicious files in arbitrar...
CVE-2021-40965
TinyFileManager is affected by a CSRF vulnerability up to version 2.4.6. The issue allows an attacker to induce an administrator to visit a URL controlled by the attacker, enabling file uploads and execution of OS commands. Concrete details across connected sources confirm the affected software/v...
CVE-2021-40965
A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager, all versions up to and including 2.4.6, that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker...
CVE-2021-40966
Summary: CVE-2021-40966 affects TinyFileManager up to version 2.4.6. The stored XSS arises when a server processes a filename containing HTML/JavaScript, specifically via the /tinyfilemanager.php endpoint. The root cause described across sources is lack of proper validation/escaping of parameters...
CVE-2021-40966
A Stored XSS exists in TinyFileManager, all versions up to and including 2.4.6, in /tinyfilemanager.php when the server is given a file that contains HTML and JavaScript in its name. A malicious user can upload a file with a malicious filename containing JavaScript code and it will run on any user...