1022 matches found
CVE-2025-30091
In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. This vulnerability allows unauthenticated attackers to inject and execute arbitrary code. Attacker-controlled data to InstallCommand can be inserted into config.php, and InstallCommand is available...
CVE-2025-30091
In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. This vulnerability allows unauthenticated attackers to inject and execute arbitrary code. Attacker-controlled data to InstallCommand can be inserted into config.php, and InstallCommand is available...
CVE-2025-30091
In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. This vulnerability allows unauthenticated attackers to inject and execute arbitrary code. Attacker-controlled data to InstallCommand can be inserted into config.php, and InstallCommand is available...
Tiny MoxieManager 安全漏洞
Tiny MoxieManager is an application from Tiny Inc. NET for managing all media files in PHP and . A security vulnerability exists in Tiny MoxieManager versions prior to 4.0.0 that stems from a remote code execution that can occur in the install command and allow an unauthenticated attacker to inje...
CVE-2025-30091
CVE-2025-30091 affects Tiny MoxieManager PHP prior to 4.0.0. The vulnerability exists in the installer command (InstallCommand) where attacker‑controlled data can be written to config.php, allowing unauthenticated remote code execution after an installation has completed. Root cause is improper h...
CVE-2025-30091
In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. This vulnerability allows unauthenticated attackers to inject and execute arbitrary code. Attacker-controlled data to InstallCommand can be inserted into config.php, and InstallCommand is available...
Advisory ROSA-SA-2025-2688
Software: perl 0.074 OS: ROSA Virtualization 3.0 packageevrstring: perl-0.074-2 CVE-ID: CVE-2023-31486 BDU-ID: 2023-03872 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Perl HTTP::Tiny programming language library is related to errors in the TLS certificate authentication procedure. Exploitatio...
CVE-2022-40490
Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting XSS vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file...
CVE-2022-40916
Tiny File Manager v2.4.7 and below is vulnerable to session fixation...
CVE-2022-40916
Tiny File Manager v2.4.7 and below is vulnerable to session fixation...
CVE-2022-40916
Tiny File Manager v2.4.7 and below is vulnerable to session fixation...
CVE-2022-40490
Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting XSS vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file...
CVE-2022-40490
Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting XSS vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file...
CVE-2022-40490
CVE-2022-40490 affects Tiny File Manager v2.4.7 and earlier. A stored XSS flaw allows an attacker to execute arbitrary code by crafting a payload in a file name (uploaded or existing). The issue affects file-name handling and could enable code execution in affected deployments. Remediation is to ...
CVE-2022-40916
Tiny File Manager vulnerability CVE-2022-40916 affects version 2.4.7 and earlier, due to a session-management flaw that enables session fixation. The issue is documented as a high-severity (CVSS 9.8) risk with network attack potential and no user interaction required. Public references indicate a...
CVE-2022-40490
Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting XSS vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file...
CVE-2022-40916
Tiny File Manager v2.4.7 and below is vulnerable to session fixation...
PT-2025-5834 · Unknown · Tiny File Manager
Name of the Vulnerable Software and Affected Versions: Tiny File Manager versions 2.4.7 and below Description: The issue concerns session fixation. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where thi...
PT-2025-5833 · Unknown · Tiny File Manager
Name of the Vulnerable Software and Affected Versions: Tiny File Manager versions 2.4.7 and earlier Description: The issue allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file. This is a Cross Site Scripting XSS issue...
Tiny File Manager 安全漏洞
Tiny File Manager is a web-based open source file manager from the individual developer Prasath Mani. A security vulnerability exists in Tiny File Manager version v2.4.7 and earlier versions, which stems from a flaw in the session management mechanism...