CVE-2019-16790

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Tiny File Manager versions prior to 2.3.9

Description The issue allows for remote code execution through the Upload from URL feature and the Edit/Rename files functionality. It affects only authenticated users.

Recommendations For versions prior to 2.3.9, update to version 2.3.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the Upload from URL and Edit/Rename files features for authenticated users until the update is applied.

Fix

RCE

Unrestricted File Upload

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434CWE-78

Related Identifiers

CVE-2019-16790

GHSA-W72H-V37J-RRWR

Affected Products

Tiny File Manager

CVE-2019-16790

Weakness Enumeration

Related Identifiers

Affected Products

References · 5