Tiny File Manager Security Vulnerabilities and Issues — Tiny File Manager CVE List

Lucene search

Tiny File Manager ProjectTiny File Manager

5 matches found

CVE•added 2022/03/15 12:15 p.m.•160 views

CVE-2021-45010

A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.

8.8CVSS7.7AI score0.6418EPSS

CVE•added 2022/03/17 11:15 a.m.•70 views

CVE-2022-1000

Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.

9.8CVSS9.3AI score0.00452EPSS

CVE•added 2022/11/25 5:15 p.m.•54 views

CVE-2022-23044

Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform unintended actions within the application. This is possible because the application is vulnerable to CSRF.

8.8CVSS8.6AI score0.00305EPSS

CVE•added 2022/11/25 6:15 p.m.•49 views

CVE-2022-45476

Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload.

9.8CVSS9.4AI score0.00313EPSS

CVE•added 2022/11/25 6:15 p.m.•46 views

CVE-2022-45475

Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access control.

6.5CVSS6.5AI score0.00135EPSS