FEBIN MON SAJI

5 exploits Active since Sep 2021
CVE-2021-46398 NOMISEC HIGH WRITEUP
Filebrowser <2.18.0 - CSRF
A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privileges and gain access to the filesystem via a malicious HTML webpage that is sent to the victim. Because an admin can run commands through FileBrowser, this leads to RCE.
CVSS 8.8
CVE-2021-40964 EXPLOITDB MEDIUM shell WORKING POC
TinyFileManager <=2.4.6 - Path Traversal
A Path Traversal vulnerability exists in all versions of TinyFileManager up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the "fullpath" parameter containing path traversal strings (../ and ..\) in order to escape the server's intended working directory and write malicious files into any directory on the computer.
CVSS 6.5
EIP-2026-119275 EXPLOITDB bash WORKING POC
WiFiMouse 1.8.3.4 - Remote Code Execution (RCE)
CVE-2021-45010 EXPLOITDB HIGH bash WORKING POC
Prasathmani Tiny File Manager < 2.4.7 - Path Traversal
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.
CVSS 8.8
CVE-2021-46398 EXPLOITDB HIGH text WORKING POC
Filebrowser <2.18.0 - CSRF
A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privileges and gain access to the filesystem via a malicious HTML webpage that is sent to the victim. Because an admin can run commands through FileBrowser, this leads to RCE.
CVSS 8.8