CVE-2021-40965

Name of the Vulnerable Software and Affected Versions TinyFileManager versions up to and including 2.4.6

Description A Cross-Site Request Forgery (CSRF) issue exists that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker.

Recommendations For versions up to and including 2.4.6, update to a version later than 2.4.6 to resolve the issue. As a temporary workaround, consider restricting access to the file upload functionality until a patch is available.