CVE-2021-45010

HIGH

Prasathmani Tiny File Manager < 2.4.7 - Path Traversal

Title source: rule

Description

A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.

Exploits (4)

exploitdb WORKING POC
by FEBIN MON SAJI · bash · webapps · php
https://www.exploit-db.com/exploits/50828
nomisec WORKING POC 4 stars
by BKreisel · poc
https://github.com/BKreisel/CVE-2021-45010
nomisec WORKING POC 1 star
by Syd-SydneyJr · poc
https://github.com/Syd-SydneyJr/CVE-2021-45010
github FAILED
by dugisan3rd · python · poc
https://github.com/dugisan3rd/exploit/tree/main/cve-2021-45010

Scores

CVSS v3 8.8
EPSS 0.7244
EPSS Percentile 98.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (1)
prasathmani/tiny_file_manager < 2.4.7
Published Mar 15, 2022
Tracked Since Feb 18, 2026