exploitDog

CVE-2021-40965

Опубликовано: 15 сент. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 9.3

EPSS Низкий

Описание

A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker.

Ссылки

https://gist.github.com/omriinbar/953368dcdd9e5eeefd83920166099528
Third Party Advisory
https://github.com/prasathmani/tinyfilemanager
Product
Third Party Advisory
https://gist.github.com/omriinbar/953368dcdd9e5eeefd83920166099528
Third Party Advisory
https://github.com/prasathmani/tinyfilemanager
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:prasathmani:tiny_file_manager:*:*:*:*:*:*:*:*

Версия до 2.4.6 (включая)

EPSS

Процентиль: 33%

0.00134

Низкий

8.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-2p5c-r4xc-mhvw

CVSS3: 8.8

github

больше 3 лет назад

A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker.

EPSS

Процентиль: 33%

0.00134

Низкий

8.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-352