PT-2022-27532 · Unknown · Tiny File Manager

Carlos Bello · Published 2022-11-25 · Updated 2023-02-01

CVE-2022-45476 · CVSS v3.1 9.8 Critical · Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Tiny File Manager version 2.4.8

Description: The issue allows an unauthenticated remote attacker to execute arbitrary code on the server. The application accepts uploaded files without adequate restriction (insecure file upload) and then processes those files server-side instead of only returning them for download, so an attacker-controlled file is executed by the server. The application also lets unauthenticated users reach the uploaded files, which is what removes the need for credentials in the attack.

Recommendations: For Tiny File Manager version 2.4.8, disable the file upload feature until a patch is available, since that removes the code execution path. Restrict access to uploaded files (no direct, unauthenticated retrieval, and no server-side execution of anything stored in the upload location) to reduce the risk of exploitation. Avoid using the application to upload files until the issue is resolved. At the time of writing, there is no information about a newer version that contains a fix for this vulnerability.
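As an added example (not Tiny File Manager's own code, and not the exploit this advisory refers to), the pattern the description objects to is shown beside a handler that follows the recommendations above: an extension allowlist checked server-side, content sniffing, a random stored name, storage outside the document root, and a download endpoint that requires a session and forces a download instead of letting the server interpret the file. The constants and function names (UPLOAD_DIR, ALLOWED_EXT, weakUpload, hardenedUpload, serveDownload, isAuthenticated) are assumptions for the illustration.

```php
<?php
// Added example, not Tiny File Manager's code. Assumptions: the upload arrives
// as $_FILES['file'], UPLOAD_DIR is outside the web root and is never served
// directly by the web server, and isAuthenticated() is the app's session check.

const UPLOAD_DIR  = '/var/app/uploads';                          // outside the web root (assumption)
const ALLOWED_EXT = ['png', 'jpg', 'jpeg', 'gif', 'pdf', 'txt']; // allowlist, never a denylist
const ALLOWED_MIME = ['image/png', 'image/jpeg', 'image/gif', 'application/pdf', 'text/plain'];
const MAX_BYTES   = 5 * 1024 * 1024;

// Weak pattern: trusts the client-supplied name, keeps whatever extension it
// has, and writes under the document root. A .php upload is then executed by
// the server the first time anyone requests it, which is the advisory's point.
function weakUpload(array $f): string
{
    $dest = $_SERVER['DOCUMENT_ROOT'] . '/uploads/' . $f['name'];
    move_uploaded_file($f['tmp_name'], $dest);
    return $dest;
}

// Hardened pattern: size limit, allowlisted final extension, server-side MIME
// sniffing of the actual bytes, random stored name, storage outside the web root.
function hardenedUpload(array $f): string
{
    if ($f['error'] !== UPLOAD_ERR_OK || $f['size'] > MAX_BYTES) {
        throw new RuntimeException('upload rejected');
    }
    $ext = strtolower(pathinfo($f['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        throw new RuntimeException('extension not allowed');
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    if (!in_array($mime, ALLOWED_MIME, true)) {
        throw new RuntimeException('content does not match an allowed type');
    }
    // The client name is never reused, so nothing it contains reaches the filesystem.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest   = UPLOAD_DIR . '/' . $stored;
    if (!move_uploaded_file($f['tmp_name'], $dest)) {
        throw new RuntimeException('store failed');
    }
    chmod($dest, 0640); // readable by the app only, never executable
    return $stored;
}

// Assumed hook: whatever the application uses to establish a logged-in user.
function isAuthenticated(): bool
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    return !empty($_SESSION['user']);
}

// The only way a stored file leaves UPLOAD_DIR: authenticated callers only,
// strict id format (no traversal), path confined to UPLOAD_DIR, and the bytes
// are returned as an attachment rather than interpreted by PHP.
function serveDownload(string $id): void
{
    if (!isAuthenticated()) {
        http_response_code(401);
        exit;
    }
    if (!preg_match('/^[a-f0-9]{32}\.[a-z0-9]{1,5}$/', $id)) {
        http_response_code(400);
        exit;
    }
    $path = realpath(UPLOAD_DIR . '/' . $id);
    if ($path === false || strpos($path, UPLOAD_DIR . '/') !== 0) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $id . '"');
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}
```

The extension check alone is not enough: with uploads still under the web root, a server configured to run PHP by extension or by handler would still execute a file that slipped through, so the storage location and the download-only endpoint are what actually close the code execution path the advisory describes.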

Exploit

Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2022-45476

Affected Products: Tiny File Manager