CVE-2022-45476

CRITICAL

Prasathmani Tiny File Manager - Unrestricted File Upload

Title source: rule

Description

Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload.

Exploits (1)

github WORKING POC

by dugisan3rd · pythonpoc

https://github.com/dugisan3rd/exploit/tree/main/TinyFM-RCE (CVE-2022-45476)

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://fluidattacks.com/advisories/mosey/

[Product] https://github.com/prasathmani/tinyfilemanager/

View Writeup ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0090

EPSS Percentile 75.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

prasathmani/tiny_file_manager 2.4.8

Published Nov 25, 2022

Tracked Since Feb 18, 2026