132 matches found
Tiny File Manager 安全漏洞
Tiny File Manager is a web-based open source file manager from the individual developer Prasath Mani. A security vulnerability exists in Tiny File Manager version v2.4.7 and earlier versions, which stems from a flaw in the session management mechanism...
PT-2025-5833 · Unknown · Tiny File Manager
Name of the Vulnerable Software and Affected Versions: Tiny File Manager versions 2.4.7 and earlier Description: The issue allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file. This is a Cross Site Scripting XSS issue...
CVE-2022-40490
CVE-2022-40490 affects Tiny File Manager v2.4.7 and earlier. A stored XSS flaw allows an attacker to execute arbitrary code by crafting a payload in a file name (uploaded or existing). The issue affects file-name handling and could enable code execution in affected deployments. Remediation is to ...
Tiny File Manager 跨站脚本漏洞
Tiny File Manager is a web-based open source file manager from the individual developer Prasath Mani. A security vulnerability exists in Tiny File Manager version v2.4.7 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code by injecting a specially crafted...
CVE-2022-40490
Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting XSS vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file...
PT-2025-5834 · Unknown · Tiny File Manager
Name of the Vulnerable Software and Affected Versions: Tiny File Manager versions 2.4.7 and below Description: The issue concerns session fixation. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where thi...
CVE-2022-40916
Tiny File Manager v2.4.7 and below is vulnerable to session fixation...
CVE-2022-3899
The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged ...
CVE-2022-3899
The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged ...
Cross site request forgery (csrf)
The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged ...
CVE-2022-3899
The CVE-2022-3899 entry describes a CSRF vulnerability in the 3dprint WordPress plugin (versions prior to 3.5.6.9) that uses a modified Tiny File Manager. The underlying issue is a lack of CSRF protection in the file management component, allowing an attacker to craft a request that can delete fi...
PT-2024-11618 · Unknown +1 · Tiny File Manager +1
Name of the Vulnerable Software and Affected Versions: 3dprint WordPress plugin versions prior to 3.5.6.9 Description: The issue allows an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged-in admin into submitting a...
WordPress plugin 3dprint security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...
CVE-2022-4023
The 3DPrint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a...
CVE-2022-4023
The 3DPrint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a...
Cross site request forgery (csrf)
The 3DPrint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a...
3DPrint < 3.5.6.9 - CSRF to arbitrary file downlad
Description The plugin does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a logged in admin into...
3DPrint < 3.5.6.9 - CSRF to arbitrary file downlad
Description The plugin does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a logged in admin into...
Exploit for Path Traversal in Tiny_File_Manager_Project Tiny_File_Manager
CVE-2021-45010 Exploit Title: Tiny File Manager 2.4.6 Authen...
Path Traversal - Archiving Files to Zip
Description The Tiny File Manager pack files feature is vulnerable to path traversal, which allows an attacker to access files that reside outside the web document root directory. The vulnerability occurs as the "file" parameter is not sanitized properly, thus allowing a malicious user to input...