exploitDog

CVE-2022-40490

Опубликовано: 06 фев. 2025

Источник: nvd

CVSS3: 4.8

EPSS Низкий

Описание

Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting (XSS) vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file.

Ссылки

https://github.com/prasathmani/tinyfilemanager
Product
https://github.com/whitej3rry/CVE-2022-40490/blob/main/PoC.md
Exploit
Third Party Advisory
https://github.com/whitej3rry/CVE-2022-40490/blob/main/PoC.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:prasathmani:tiny_file_manager:*:*:*:*:*:*:*:*

Версия до 2.4.7 (включая)

EPSS

Процентиль: 32%

0.00121

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-62gw-4h79-3mj6

CVSS3: 4.8

github

около 1 года назад

Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting (XSS) vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file.

EPSS

Процентиль: 32%

0.00121

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79

CWE-79