CVE-2022-40490

Name of the Vulnerable Software and Affected Versions: Tiny File Manager versions 2.4.7 and earlier

Description: The issue allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file. This is a Cross Site Scripting (XSS) issue.

Recommendations: For versions 2.4.7 and earlier, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting the ability to upload files or modifying file names to minimize the risk of exploitation. Avoid using potentially malicious file names until the issue is resolved.