PT-2019-14833 · Unknown · Tiny File Manager

Prasathmani

Publicado

2019-12-30

Atualizado

2025-12-31

CVE-2019-16790

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Tiny File Manager versions prior to 2.3.9

Description The issue allows for remote code execution through the Upload from URL feature and the Edit/Rename files functionality. It affects only authenticated users.

Recommendations For versions prior to 2.3.9, update to version 2.3.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the Upload from URL and Edit/Rename files features for authenticated users until the update is applied.

Correção

RCE

Unrestricted File Upload

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434CWE-78

Identificadores relacionados

CVE-2019-16790

GHSA-W72H-V37J-RRWR

Produtos afetados

Tiny File Manager

PT-2019-14833 · Unknown · Tiny File Manager

CVE-2019-16790

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5