CVE-2022-40916

CRITICAL

Tiny File Manager <2.4.7 - Session Fixation

Title source: llm

Description

Tiny File Manager v2.4.7 and below is vulnerable to session fixation.

Exploits (1)

nomisec WRITEUP
by whitej3rry · poc
https://github.com/whitej3rry/CVE-2022-40916

Scores

CVSS v3 9.8
EPSS 0.0057
EPSS Percentile 68.7%
Attack Vector NETWORK
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE CWE-384
Status published
Products (1)
prasathmani/tiny_file_manager < 2.4.7
Published Feb 06, 2025
Tracked Since Feb 18, 2026