prasathmani

6 exploits Active since Sep 2021
CVE-2021-40964 WRITEUP MEDIUM WORKING POC
TinyFileManager <=2.4.6 - Path Traversal
A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the "fullpath" parameter containing path traversal strings (../ and ..\) in order to escape the server's intended working directory and write malicious files onto any directory on the computer.
CVSS 6.5
CVE-2021-40965 WRITEUP HIGH WORKING POC
TinyFileManager <= 2.4.6 - Cross-Site Request Forgery
A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker.
CVSS 8.8
CVE-2021-40966 WRITEUP MEDIUM WORKING POC
TinyFileManager <= 2.4.6 - Stored Cross-Site Scripting via Malicious Filename Upload
A Stored XSS exists in TinyFileManager All version up to and including 2.4.6 in /tinyfilemanager.php when the server is given a file that contains HTML and javascript in its name. A malicious user can upload a file with a malicious filename containing javascript code and it will run on any user browser when they access the server.
CVSS 5.4
CVE-2022-23044 WRITEUP HIGH WORKING POC
Tiny File Manager 2.4.8 - Unauthenticated Cross-Site Request Forgery
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform unintended actions within the application. This is possible because the application is vulnerable to CSRF.
CVSS 8.8
CVE-2022-45475 WRITEUP MEDIUM WORKING POC
Tiny File Manager 2.4.8 - Unauthenticated Improper Access Control
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access control.
CVSS 6.5
CVE-2022-45476 WRITEUP CRITICAL WORKING POC
Tiny File Manager 2.4.8 - Unrestricted Upload of File with Dangerous Type
Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload.
CVSS 9.8