PT-2022-12289 · Unknown · Tiny File Manager

Febinrev

Published

2022-03-15

Updated

2022-03-21

CVE-2021-45010

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Tiny File Manager versions prior to 2.4.7

Description A path traversal issue in the file upload functionality of tinyfilemanager.php allows remote attackers with valid user accounts to upload malicious PHP files to the webroot, leading to code execution.

Recommendations For versions prior to 2.4.7, update to version 2.4.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the file upload functionality in tinyfilemanager.php to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2021-45010

Affected Products

Tiny File Manager

PT-2022-12289 · Unknown · Tiny File Manager

CVE-2021-45010

Weakness Enumeration

Related Identifiers

Affected Products

References · 12