CVE-2022-45475

MEDIUM

Prasathmani Tiny File Manager - Improper Access Control

Title source: rule

Description

Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access control.

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://fluidattacks.com/advisories/mosey/

Product

https://github.com/prasathmani/tinyfilemanager/

View Writeup ZIP pw:eip

Scores

CVSS v3 6.5

EPSS 0.0092

EPSS Percentile 76.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (1)

prasathmani/tiny_file_manager 2.4.8

Published Nov 25, 2022

Tracked Since Feb 18, 2026