PT-2022-27531 · Unknown · Tiny File Manager

Carlos Bello · Published 2022-11-25 · Updated 2023-08-08 · CVE-2022-45475

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Tiny File Manager version 2.4.8
Description: The issue allows an unauthenticated remote attacker to access the application's internal files and execute arbitrary code remotely on the server. This is possible because of broken access control combined with a CSRF weakness: the application processes uploaded files server-side and allows unauthenticated users to access those files.
Recommendations: For Tiny File Manager version 2.4.8, consider disabling the file upload feature and restricting access to internal files until a patch is available. As a temporary workaround, restrict access to the application to authenticated users only, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Weakness Enumeration

Related Identifiers: CVE-2022-45475

Affected Products: Tiny File Manager