CVE-2022-23044

Name of the Vulnerable Software and Affected Versions Tiny File Manager version 2.4.8

Description The issue allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side, and allows unauthenticated users to access uploaded files. The application can also persuade users to perform unintended actions within it due to the CSRF vulnerability.

Recommendations For Tiny File Manager version 2.4.8, as a temporary workaround, consider disabling the file upload feature until a patch is available. Restrict access to uploaded files to minimize the risk of exploitation. Avoid using the application for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.