Lucene search
K

132 matches found

CNNVD
CNNVD
added 2025/02/06 12:0 a.m.5 views

Tiny File Manager 安全漏洞

Tiny File Manager is a web-based open source file manager from the individual developer Prasath Mani. A security vulnerability exists in Tiny File Manager version v2.4.7 and earlier versions, which stems from a flaw in the session management mechanism...

9.8CVSS6.5AI score0.00802EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2025/02/06 12:0 a.m.8 views

PT-2025-5833 · Unknown · Tiny File Manager

Name of the Vulnerable Software and Affected Versions: Tiny File Manager versions 2.4.7 and earlier Description: The issue allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file. This is a Cross Site Scripting XSS issue...

4.8CVSS6.1AI score0.00386EPSS
Exploits1References7
CVE
CVE
added 2025/02/06 12:0 a.m.55 views

CVE-2022-40490

CVE-2022-40490 affects Tiny File Manager v2.4.7 and earlier. A stored XSS flaw allows an attacker to execute arbitrary code by crafting a payload in a file name (uploaded or existing). The issue affects file-name handling and could enable code execution in affected deployments. Remediation is to ...

4.8CVSS7.1AI score0.00386EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/02/06 12:0 a.m.6 views

Tiny File Manager 跨站脚本漏洞

Tiny File Manager is a web-based open source file manager from the individual developer Prasath Mani. A security vulnerability exists in Tiny File Manager version v2.4.7 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code by injecting a specially crafted...

4.8CVSS7.4AI score0.00386EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/02/06 12:0 a.m.7 views

CVE-2022-40490

Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting XSS vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file...

7AI score0.00386EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/02/06 12:0 a.m.9 views

PT-2025-5834 · Unknown · Tiny File Manager

Name of the Vulnerable Software and Affected Versions: Tiny File Manager versions 2.4.7 and below Description: The issue concerns session fixation. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where thi...

9.8CVSS6.2AI score0.00802EPSS
Exploits2References6
Vulnrichment
Vulnrichment
added 2025/02/06 12:0 a.m.8 views

CVE-2022-40916

Tiny File Manager v2.4.7 and below is vulnerable to session fixation...

6.9AI score0.00802EPSS
Exploits2References2
OSV
OSV
added 2024/01/16 4:15 p.m.6 views

CVE-2022-3899

The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged ...

8.1CVSS5.8AI score0.00404EPSS
Exploits2References1
NVD
NVD
added 2024/01/16 4:15 p.m.20 views

CVE-2022-3899

The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged ...

8.1CVSS8AI score0.00404EPSS
Exploits2References1
Prion
Prion
added 2024/01/16 4:15 p.m.23 views

Cross site request forgery (csrf)

The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged ...

5.8CVSS7AI score0.00404EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2024/01/16 3:50 p.m.66 views

CVE-2022-3899

The CVE-2022-3899 entry describes a CSRF vulnerability in the 3dprint WordPress plugin (versions prior to 3.5.6.9) that uses a modified Tiny File Manager. The underlying issue is a lack of CSRF protection in the file management component, allowing an attacker to craft a request that can delete fi...

8.1CVSS7.9AI score0.00404EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.5 views

PT-2024-11618 · Unknown +1 · Tiny File Manager +1

Name of the Vulnerable Software and Affected Versions: 3dprint WordPress plugin versions prior to 3.5.6.9 Description: The issue allows an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged-in admin into submitting a...

8.1CVSS7.9AI score0.00404EPSS
Exploits2References5
CNNVD
CNNVD
added 2024/01/16 12:0 a.m.4 views

WordPress plugin 3dprint security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...

8.1CVSS6.8AI score0.00404EPSS
Exploits2References2
OSV
OSV
added 2023/07/17 2:15 p.m.2 views

CVE-2022-4023

The 3DPrint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a...

5.3CVSS5.8AI score0.003EPSS
Exploits2References2
NVD
NVD
added 2023/07/17 2:15 p.m.21 views

CVE-2022-4023

The 3DPrint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a...

5.3CVSS0.003EPSS
Exploits2References2
Prion
Prion
added 2023/07/17 2:15 p.m.25 views

Cross site request forgery (csrf)

The 3DPrint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a...

2.6CVSS5.2AI score0.003EPSS
Exploits2References2Affected Software1
wpexploit
wpexploit
added 2023/06/20 12:0 a.m.63 views

3DPrint < 3.5.6.9 - CSRF to arbitrary file downlad

Description The plugin does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a logged in admin into...

5.3CVSS7.1AI score0.003EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2023/06/20 12:0 a.m.14 views

3DPrint < 3.5.6.9 - CSRF to arbitrary file downlad

Description The plugin does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a logged in admin into...

5.3CVSS6.8AI score0.003EPSS
Exploits2References1
GithubExploit
GithubExploit
added 2023/03/13 6:40 p.m.367 views

Exploit for Path Traversal in Tiny_File_Manager_Project Tiny_File_Manager

CVE-2021-45010 Exploit Title: Tiny File Manager 2.4.6 Authen...

8.8CVSS7.9AI score0.7008EPSS
Exploits7
Huntr
Huntr
added 2023/01/12 6:34 p.m.13 views

Path Traversal - Archiving Files to Zip

Description The Tiny File Manager pack files feature is vulnerable to path traversal, which allows an attacker to access files that reside outside the web document root directory. The vulnerability occurs as the "file" parameter is not sanitized properly, thus allowing a malicious user to input...

7.2AI score
Exploits0References1
Rows per page
Query Builder