CVE-2019-16790

Summary

In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted.

Affected Software

VendorProductVersion RangeStatus
Tiny File ManagerTiny File Managerbefore 2.3.9affected

Weaknesses

  • CWE-78: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CVE Program Container

Additional References

References