Tiny File Manager@* Security Vulnerabilities and Issues — Tiny File Manager@* CVE List

Lucene search

Tiny File Manager ProjectTiny File Manager*

5 matches found

CVE•added 2022/03/15 12:15 p.m.•158 views

CVE-2021-45010

A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.

8.8CVSS7.7AI score0.6418EPSS

CVE•added 2022/03/17 11:15 a.m.•70 views

CVE-2022-1000

Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.

9.8CVSS9.3AI score0.00452EPSS

CVE•added 2019/12/30 8:15 p.m.•62 views

CVE-2019-16790

In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted.

8.8CVSS7.9AI score0.02173EPSS

CVE•added 2025/02/06 5:15 p.m.•47 views

CVE-2022-40916

Tiny File Manager v2.4.7 and below is vulnerable to session fixation.

9.8CVSS7.1AI score0.00327EPSS

CVE•added 2025/02/06 5:15 p.m.•37 views

CVE-2022-40490

Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting (XSS) vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file.

4.8CVSS7.1AI score0.00075EPSS