Whitej3Rry

#18471 of 53,630
Total CVSS: 14.6
Vulnerabilities · 2
Medium: 1
Critical: 1
PT-2025-5833
4.8
2025-02-06
Unknown · Tiny File Manager · CVE-2022-40490
Name of the Vulnerable Software and Affected Versions: Tiny File Manager versions 2.4.7 and earlier
Description: The issue allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file. This is a Cross Site Scripting (XSS) issue.
Recommendations: For versions 2.4.7 and earlier, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting the ability to upload files or modifying file names to minimize the risk of exploitation. Avoid using potentially malicious file names until the issue is resolved.
PT-2025-5834
9.8
2025-02-06
Unknown · Tiny File Manager · CVE-2022-40916
Name of the Vulnerable Software and Affected Versions: Tiny File Manager versions 2.4.7 and below
Description: The issue concerns session fixation. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited.
Recommendations: For versions 2.4.7 and below, at the moment, there is no information about a newer version that contains a fix for this vulnerability.