FEBIN MON SAJI - Security Researcher - Exploit Intelligence Platform

CVE-2021-46398 NOMISEC HIGH WRITEUP

FileBrowser < 2.18.0 - Cross-Site Request Forgery via Malicious HTML Webpage

A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. An admin can run commands using the FileBrowser and hence it leads to RCE.

CVSS 8.8

View Code

CVE-2021-45010 WRITEUP HIGH WORKING POC

Tiny File Manager < 2.4.7 - Authenticated Path Traversal and Remote Code Execution via File Upload

A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.

CVSS 8.8

View Code

CVE-2021-40964 EXPLOITDB MEDIUM shell WORKING POC

TinyFileManager <=2.4.6 - Path Traversal

A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the "fullpath" parameter containing path traversal strings (../ and ..\) in order to escape the server's intended working directory and write malicious files onto any directory on the computer.

CVSS 6.5

View Code

EIP-2026-119275 EXPLOITDB bash WORKING POC

WiFiMouse 1.8.3.4 - Remote Code Execution (RCE)

View Code

CVE-2021-45010 EXPLOITDB HIGH bash WORKING POC

Tiny File Manager < 2.4.7 - Authenticated Path Traversal and Remote Code Execution via File Upload

A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.

CVSS 8.8

View Code

CVE-2021-46398 EXPLOITDB HIGH text WORKING POC

FileBrowser < 2.18.0 - Cross-Site Request Forgery via Malicious HTML Webpage

A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. An admin can run commands using the FileBrowser and hence it leads to RCE.

CVSS 8.8

View Code