Описание
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform unintended actions within the application. This is possible because the application is vulnerable to CSRF.
Ссылки
- ExploitThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- ExploitThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:prasathmani:tiny_file_manager:2.4.8:*:*:*:*:*:*:*
EPSS
Процентиль: 79%
0.01315
Низкий
8.8 High
CVSS3
Дефекты
CWE-352
CWE-352
Связанные уязвимости
CVSS3: 8.8
github
около 3 лет назад
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files.
EPSS
Процентиль: 79%
0.01315
Низкий
8.8 High
CVSS3
Дефекты
CWE-352
CWE-352