CVE-2022-45476
Tiny File Manager 2.4.8 is vulnerable to insecure file upload that allows server-side execution of uploaded code. Multiple sources describe unauthenticated remote code execution via processing uploaded files instead of serving them for download, enabling attackers to run arbitrary code on the ser...
Tiny File Manager Code Issue Vulnerability
Tiny File Manager is a web-based open source file manager. A code issue vulnerability exists in Tiny File Manager version 2.4.8, which arises from its server-side processing of uploaded files instead of returning files for download, allowing an unauthenticated user to cause access to uploaded fil...
CVE-2022-45475
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access control...
CVE-2022-45475
Tiny File Manager 2.4.8 is affected by a broken access control vulnerability that allows an unauthenticated remote attacker to access internal files. The connected documents consistently identify the affected software and the access-control weakness, but do not provide concrete remediation steps ...
CVE-2022-45476
Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload...
PT-2022-15804 · Unknown · Tiny File Manager
Name of the Vulnerable Software and Affected Versions: Tiny File Manager version 2.4.8 Description: The issue allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files...
PT-2022-27532 · Unknown · Tiny File Manager
Name of the Vulnerable Software and Affected Versions: Tiny File Manager version 2.4.8 Description: The issue allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to insecure file upload and processes...
CVE-2022-23044
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform unintended actions within the application. This is possible because the application is vulnerable to CSRF...
3DPrint < 3.5.6.9 - Arbitrary File and Directory Deletion via CSRF
Description The plugin does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged in admin into...
tiny-csrf Security Vulnerability
tiny-csrf is a small CSRF library by the individual developer Vincent Alexander Saulys. It is intended to replace the work done by csurf before it was removed. A security vulnerability exists in versions of tiny-csrf prior to 1.1.0, which stems from the fact that cookies are not encrypted, and thus CSR...
ivntinyforest.nl Cross Site Scripting vulnerability OBB-2942704
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-34770
Tabit - sensitive information disclosure. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described APIs has in its URL one or more MongoD...
CVE-2022-34776
Tabit - giftcard stealth. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described APIs has in its URL one or more MongoDB ID which is not...
PT-2022-22325 · Tabit · Tabit
Name of the Vulnerable Software and Affected Versions: Tabit affected versions not specified Description: The issue allows for arbitrary account modification. An endpoint mapped by a tiny URL permits an adversary to modify personal details, such as email addresses and phone numbers, of a specific...
PT-2022-22327 · Tabit · Tabit
Name of the Vulnerable Software and Affected Versions: Tabit affected versions not specified Description: The issue concerns several APIs on the web system that display sensitive information without authorization, including health statements, previous bills in a specific restaurant, alcohol...
CVE-2022-34774
Tabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL was a page where an adversary can modify personal details, such as email addresses and phone numbers, of a specific user in a restaurant's loyalty program, possibly allowing account takeover, since the mail can be used t...