CVE-2021-45010
N/A
N/A
Summary
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/prasathmani/tinyfilemanager/pull/636
- https://github.com/prasathmani/tinyfilemanager/commit/2046bbde72ed76af0cfdcae082de629bcc4b44c7
- https://febin0x4e4a.wordpress.com/2022/01/23/tiny-file-manager-authenticated-rce/
- https://github.com/febinrev/tinyfilemanager-2.4.3-exploit/raw/main/exploit.sh
- https://sploitus.com/exploit?id=1337DAY-ID-37364&utm_source=rss&utm_medium=rss
- https://raw.githubusercontent.com/febinrev/tinyfilemanager-2.4.6-exploit/main/exploit.sh
- https://github.com/prasathmani/tinyfilemanager/pull/636/files/a93fc321a3c89fdb9bee860bf6df5d89083298d1
- http://packetstormsecurity.com/files/166330/Tiny-File-Manager-2.4.6-Shell-Upload.html
References
- https://github.com/prasathmani/tinyfilemanager/pull/636
- https://github.com/prasathmani/tinyfilemanager/commit/2046bbde72ed76af0cfdcae082de629bcc4b44c7
- https://febin0x4e4a.wordpress.com/2022/01/23/tiny-file-manager-authenticated-rce/
- https://github.com/febinrev/tinyfilemanager-2.4.3-exploit/raw/main/exploit.sh
- https://sploitus.com/exploit?id=1337DAY-ID-37364&utm_source=rss&utm_medium=rss
- https://raw.githubusercontent.com/febinrev/tinyfilemanager-2.4.6-exploit/main/exploit.sh
- https://github.com/prasathmani/tinyfilemanager/pull/636/files/a93fc321a3c89fdb9bee860bf6df5d89083298d1
- http://packetstormsecurity.com/files/166330/Tiny-File-Manager-2.4.6-Shell-Upload.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.